Hackers associated with the Russian government infiltrated the Democratic National Convention’s computer network and stole opposition research on Republican presidential nominee Donald Trump.
The DNC said no financial, donor, or personal information was compromised in the breach, reports The Washington Post.
Instead, the intrusion appears to be a classic case of traditional espionage, with Russian spies expressing an interest in better understanding the policies and disposition of the United States’ potential future president.
Shawn Henry, president of CrowdStrike, clarifies this point:
“It’s the job of every foreign intelligence service to collect intelligence against their adversaries. We’re perceived as an adversary of Russia. Their job when they wake up every day is to gather intelligence against the policies, practices and strategies of the U.S. government. There are a variety of ways. [Hacking] is one of the more valuable because it gives you a treasure trove of information.”
Executives at the DNC first learned of the intrusion back in late April, when the IT team reported unusual activity on the network.
The DNC decided to bring in CrowdStrike to investigate the issue.
After monitoring the computer network, the security firm identified two separate Russian hacker groups that had gained unauthorized access to the DNC. One group, COZY BEAR, is believed to have gained access back in the summer of 2015, whereas the second group, FANCY BEAR, most likely gained access in April 2016.
The fact that the two groups went undetected for weeks or even months is a testament to their sophistication, explains CrowdStrike co-founder and CTO Dmitri Alperovitch in a blog post:
“In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected. Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.”
Both COZY BEAR and FANCY BEAR were expelled from the DNC’s network over the weekend.
U.S. officials believe the same hackers also penetrated the networks of both Donald Trump and Hillary Clinton, as well as some Republican political action committees. No information is available for those other hacking cases at this time.
Russia has denied any involvement in the hacking cases.
News of this intrusion follows close to one year after the United States accused Russian hackers of penetrating computer networks at the White House and the State Department.