Russian-backed hackers have breached the network of the Democratic National Committee (DNC) in search of opposition research on likely Republican nominee for president Donald Trump, according to the Washington Post.
The hack of the DNC network – apparently conducted by two separate threat families – was first noticed in April and finally cleared out last weekend.
This attack fits within the known tactics of Russian-government-backed hackers who have been engaged in 7 years of cyber espionage against the West, which F-Secure Labs first exposed in a report last year on the Advanced Persistent Threat group called “The Dukes.”
“We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making,” the Labs reported, introducing a whitepaper with all the juicy details on the subject.
Reports suggest that the DNC was first breached by The Dukes (referred to as Cozy Bear by the investigators) last summer. After our report and the international news coverage that followed in September, the group seemed to have gone quiet, apparently while still lurking in the DNC network and possibly elsewhere.
A different group of Russia-backed attackers appears to be responsible for the much more recent second breach, suggesting an even more active push to gain insight into the ongoing presidential elections in the US.
The hackers who hit the DNC weren’t after any donor or credit card information that would have interested traditional hackers, and instead focused on research involving Trump. These groups are primarily interested in politically valuable information, and naturally, any non-public insight on U.S. presidential candidates would surely do.
“Russian President Vladimir Putin has spoken favorably about Trump, who has called for better relations with Russia and expressed skepticism about NATO,” The Post explains. “But unlike Clinton, whom the Russians probably have long had in their spy sights, Trump has not been a politician for very long, so foreign agencies are playing catch-up, analysts say.”
Political organizations involved with the 2016 U.S. election, which will decide who will be the most important person in the world, “are virtually painting a bulls-eye on their back” for hackers, explains our cyber security advisor Erka Koivunen.
“Given the sheer size and complexity of these organizations, the enormous length of the campaigns, high-pace way they need to interact with the external world and the fact that there are volunteers, staffers, hired help and embedded whatnots all using the network, it is an impossible task to keep even a moderately skilled but determined attacker out,” he said.
And given that The Dukes are both highly skilled and extremely determined, it’s likely the Russians already know more about Trump than his Republican primary opponents did.
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
April 18, 2018