DNC says Russia tried to hack its servers again in November 2018
The Democratic National Committee (DNC) claimed today that Russian hackers tried to break into its servers in November 2018, shortly after the conclusion of the US midterm elections.
The claim was made in an updated complaint in a lawsuit the DNC filed in April 2018 against the Russian state, Russia’s military intelligence service GRU, the hacker known as Guccifer 2.0, WikiLeaks and its founder Julian Assange, and several members of the Trump campaign, such as Donald Trump, Jr., Paul Manafort, Roger Stone, Jared Kushner, and George Papadopoulos.
The DNC filed the original lawsuit in an attempt to prove collusion between the Trump campaign, Russia, and WikiLeaks.
“On November 14, 2018, dozens of DNC email addresses were targeted in a spear-phishing campaign, although here is no evidence that the attack was successful,” the DNC said in updated court documents.
“The content of these emails and their timestamps were consistent with a spearphishing campaign that leading cybersecurity experts have tied to Cozy Bear (APT 29),” the DNC said.
The attacks were detected at the time by multiple cyber-security firms, which also attributed them to the Cozy Bear group.
The spear-phishing emails were crafted to look like they came from a Department of State official, according to Crowdstrike and FireEye, and targeted a range of sectors including in think tank, law enforcement, government, and business information services.
At the time, it wasn’t known that the emails also targeted the DNC.
The Cozy Bear group is one of the two Russian cyber-espionage groups which also hacked the DNC back in 2016, before the US Presidential election. The other group was Fancy Bear (APT28).
In the aftermath of the infamous DNC hack, CrowdStrike experts said Cozy Bear appeared to have affiliations to the FSB, Russia’s main intelligence service, a department previously led by Vladimir Putin a few years before becoming Russia’s president.
In November 2018, Russia tried to have the DNC lawsuit thrown out on the grounds that its hacking operations are considered military intelligence gathering and are outside the US courts’ jurisdiction.
In December 2018, the National Republican Congressional Committee (NRCC) disclosed that it was the victim of a cyber intrusion during the 2018 campaign season.