“The content of these emails and their timestamps were consistent with a spear-phishing campaign that leading cybersecurity experts have tied to Cozy Bear,” the DNC wrote, using a name commonly used to identify the hacking squad associated with Russian intelligence services. “Therefore, it is probable that Cozy Bear again attempted to unlawfully infiltrate DNC computers in November 2018.”
Spear-phishing is a common hacking tactic involving sending emails disguised as originating from a trusted source that attempt to trick recipients into providing confidential information or clicking on links that download malicious software onto their computer systems.
Cozy Bear was the first of two Russian groups to hack the DNC during the 2016 presidential cycle, according to the U.S. intelligence community and cybersecurity companies that investigated the intrusions. Charges brought against a dozen Russian intelligence officers last summer by special counsel Robert Mueller accused the Kremlin of using its access to the DNC to steal thousands of emails before engineering their public release as part of a wide-ranging plot that U.S. intelligence agencies said was carried out to harm Democratic nominee Hillary Clinton’s candidacy and boost the electoral prospects of Mr. Trump.
Investigators concluded Cozy Bear wasn’t the Russian group that orchestrated the hack and leak operation of Democratic emails in 2016—and that its mission appeared to be one more aligned with traditional foreign espionage, such as eavesdropping on private communications to glean insight into possible policy decisions. The other group that hacked the DNC, known as Fancy Bear and associated with Russia’s military intelligence agency, is generally blamed for the overt attempts to interfere in the election.
Russia has repeatedly denied any involvement in election hacking. Dan Coats, the director of national intelligence, said last month that U.S. intelligence agencies had seen no sign that election systems had been compromised by hackers during the 2018 midterm elections, but that Russia and other foreign adversaries continued to conduct influence operations aimed at the U.S.
“At this time, the Intelligence Community does not have intelligence reporting that indicates any compromise of our nation’s election infrastructure that would have prevented voting, changed vote counts, or disrupted the ability to tally votes,” Mr. Coats said in a statement.
Mr. Coats’ assessment aligned with what state election officials and cybersecurity firms had concluded shortly after the election. It didn’t address attempted cyberattacks on political campaigns or political parties, however.
Some cyber researchers in recent months have said they have tracked new phishing campaigns linked to Cozy Bear. U.S.-based cyber firm FireEye published research saying it had detected new phishing activity on Nov. 14—the same day the DNC said it received the unsuccessful phishing emails—against over 20 of its clients in various industries, including law enforcement, the U.S. military, transportation and national government.
The DNC did not provide forensic evidence in its legal filing to support its claim that the November phishing attempts were likely of Russian origin. The organization has attempted to improve its cybersecurity since the 2016 election, hiring former Yahoo cybersecurity chief Bob Lord and holding training sessions designed to help employees identify email phishing attempts.
“The DNC regularly coordinates with law enforcement and we maintain open channels of communication regarding cyber security issues,” DNC spokeswoman Adrienne Watson said. The FBI, which generally leads U.S. investigations into cyberattacks on political organizations, didn’t immediately respond to a request for comment.
The DNC’s added vigilance led to a false alarm in August when the organization announced it believed there had been an attempt to hack into its voter database after being notified by a cybersecurity firm of an apparent phishing scheme. A day later the DNC backtracked, saying the episode was actually just a misidentified cybersecurity test.
In December the National Republican Congressional Committee disclosed that it fell victim to a cyberattack last April by an unidentified hacker that some familiar with the investigation believe was a foreign operator. In that episode, the intruder maliciously accessed confidential committee emails that were being hosted by a third-party cloud-service provider through a password compromise.
—Reid J. Epstein contributed to this article.
Source : https://www.wsj.com/articles/dnc-says-russia-tried-to-hack-into-its-computer-network-days-after-2018-midterms-11547831410