Two US cybersecurity firms said that their analysis of computer breaches at the Democratic Party’s funding group for congressional candidates shows detailed evidence that the intrusions were likely linked to Russian hackers.
The two US companies said in separate posts today that Internet domains and registrants used in the breach of computers used by the Democratic Congressional Campaign Committee, or DCCC, tie back to a Russian hacking group linked to that nation’s intelligence services. That same hacking group, known as “Fancy Bear,” was previously connected to the June cyber breach at the Democratic National Committee.
Both firms, Fidelis Cybersecurity and ThreatConnect, said the hackers created a fake Internet DCCC donation site. The registrant for the fake DCCC site was linked back to other web domains used by “Fancy Bear.”
The FBI is investigating a hack at the Democratic National Convention that resulted in the posting last week of embarrassing internal communications on WikiLeaks, and a similar intrusion of the House Democratic Congressional Campaign Committee. President Barack Obama has said Russia was almost certainly responsible for the DNC hack, an assertion with which cybersecurity experts have agreed.
The FBI said Friday it was aware of “media reporting on cyber intrusions involving multiple political entities, and is working to determine the accuracy, nature and scope of these matters.”
The intrusions have added another layer of mystery to the hacking of Democratic Party information that has been revealed in the heat of this year’s presidential and congressional elections.
The DNC breach led to the release by WikiLeaks on July 22, days before the Democratic national convention began, of 19,000 emails showing that supposedly neutral party officials were favoring Hillary Clinton over Sen. Bernie Sanders during their primary contest for the presidential nomination. As a result of that disclosure, party chairwoman Rep. Debbie Wasserman Schultz, D-Florida, announced her resignation this week.
On Friday, the DCCC, which raises money and provides other assistance for Democratic House candidates, acknowledged a digital break-in of its computers that it said resembled the DNC hack.
Spokeswoman Meredith Kelly said the committee was “the target of a cybersecurity incident” and was informed by investigators “that this is similar to other recent incidents, including the DNC breach.”
She said the congressional campaign committee is using CrowdStrike Inc., a computer security firm based in Irvine, California, and is “cooperating with the federal law enforcement with respect to their ongoing investigation.” She said her organization is “continuing to take steps to enhance the security of our network in the face of these recent events.”
CrowdStrike issued a statement confirming its work for the congressional campaign committee but provided no additional details.