Russian Hackers Targeted DNC After Midterms

The Democratic National Committee (DNC) has claimed that it was the target of an attempted hack by a Russian group shortly after the midterm elections. The claim was made in documents that were part of an amended complaint filed in federal court in New York. According to the DNC, there is no evidence that the attack was successful.

On Nov. 14, a malicious email was sent to dozens of DNC email addresses, apparently targeting a wide range of party officials at all levels. The email contained infected attachments designed to embed malware on party computers. After an internal investigation and an assessment by security consultants, a Democratic official says the party is confident that no one opened the attachments and released the malware.

The Russian organization believed to be responsible is one of two accused of hacking into the committee’s computers during the 2016 presidential race. Cozy Bear, also known as APT 29 or the Dukes, has been called the likeliest culprit, but its responsibility has not been definitively established. However, Cozy Bear, operating since 2016, has used similar tactics in the past and has been linked to a coordinated wave of hacking attacks on Democratic Party officials.

The new documents from the DNC were filed as part of an existing lawsuit, brought in April, over Russian hacking prior to the 2016 presidential election. That lawsuit accused the Russian government and Russian intelligence agents of being part of the operation. The Russian government has consistently denied hacking the DNC.

There is speculation that the latest attack against the DNC was part of a broader malware campaign targeting government agencies, law enforcement officials, journalists, and many others. According to security firms with knowledge of both hacking attempts, the emails were almost identical. The scope of that wider attack remains unknown as investigations continue.

The DNC did not reveal how or when it discovered the hacking attempts. A third party may have alerted the DNC to the emails, or a security firm may have been conducting a review that detected the suspicious messages. More information may become available as the incident is investigated further.