Russian government-backed hackers target American political parties, organizations, and campaigns in the 2016 presidential election
In advance of the 2016 U.S. presidential election, Russian state-sponsored hacking groups Cozy Bear and Fancy Bear targeted political parties, organizations, and presidential campaigns. In July 2015, hackers from Russian intelligence-connected Cozy Bear, or APT29, infiltrated the Democratic National Committee’s (DNC) computer network using spear phishing tactics. According to cybersecurity firm CrowdStrike, the hackers “monitor[ed] the DNC’s email and chat communications.” A January 2017 report from the Director of National Intelligence states that Cozy Bear “maintained that access until at least June 2016.”

On March 19, 2016, Clinton campaign chairman John Podesta opened a phishing email disguised as a Google security alert, giving Russian military intelligence-connected Fancy Bear, or APT28, access to Podesta’s account and the Clinton campaign network. On April 6, 2016, Russian hackers successfully spear phished an employee of the Democratic Congressional Campaign Committee (DCCC). Just days later, the hackers breached the DCCC, stealing thousands of pages of internal party documents. On April 18, 2016, Fancy Bear leveraged its DCCC access to further infiltrate the DNC. The GRU officers installed malware to steal data, such as opposition research, from the DNC. By June, the hackers had compromised 33 DNC computers.

In January 2017, U.S. intelligence officials revealed that Russian hackers also accessed Republican computer systems prior to the 2016 election, including old Republican National Committee domains that were no longer in use. However, the hackers elected not to leak most of the documents belonging to Republican lawmakers. The revelation indicates that Russian actors targeted both major American political parties in their attempts to influence the 2016 presidential election, but primarily released Democrats’ documents.