The FBI is investigating a second cyberattack targeting the interests of the US Democratic Party after a breach was reported at the Democratic Congressional Campaign Committee (DCCC) – a group that handles donations for democrats running for the US House of Representatives.
The news comes after a separate incident was revealed at the Democratic National Committee (DNC) in which internal memos, donor lists and strategic playbooks were stolen and leaked by suspected Russian hackers. WikiLeaks, the whistleblowing platform managed by Julian Assange, then released nearly 20,000 emails from the group – leading to high-profile resignations within the party.
It is believed the newly disclosed breach at the DCCC, which shares office space with the DNC, was intended as an information gathering operation to glean data on political donors, rather than for financial gain. According to sources familiar with the matter, who spoke to Reuters, the infiltration could have taken place as recently as June.
The incident reportedly centred on a spoofed website using a similar domain name to the one used by the DCCC. This meant that internet traffic – and donation information – was at times being sent through a site operated by the hackers, whose identity remains unknown.
According to the sources, the internet protocol (IP) address of the malicious website resembled one used by suspected Russian state-sponsored hackers thought to be involved with the DNC breach. It remains unclear exactly what data was compromised, although it has been noted that donors usually would transmit names, email addresses and credit card details when using the website.
"Until proven otherwise, I would suggest that everyone involved with the campaign committee operate under the assumption Russians have access to everything in their computer systems," Jim Manley, a Democratic strategist, told Reuters.
The FBI, which is probing the case, issued the same statement as previously released following the DNC hack. It said: "The FBI is investigating a cyber intrusion involving the DNC and are working to determine the nature and scope of the matter. A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace."
On 28 July, Kremlin spokesman Dmitry Peskov said the assertions of multiple cybersecurity firms, including FireEye's Mandiant, ThreatConnect and CrowdStrike, were motivated by 'anti-Russian sentiment'.
"As regards these [email] batches, that is not our headache," he said. "We never poke our noses into others' affairs and we really don't like it when people try to poke their nose into ours. The Americans need to get to the bottom of what these emails are themselves and find out what it's all about."