The Democratic National Committee (DNC) has claimed that one of the same Russian hacking groups blamed for leaking sensitive information in 2016 targeted its employees again just days after the 2018 midterm elections.
In court documents filed at the weekend, the DNC said that the group known as Cozy Bear (aka APT29/The Dukes) posed as a State Department official in spear-phishing emails sent to dozens of its employees.
The emails were booby-trapped with a malware-laden PDF designed to provide access to the victim’s machine.
“In November 2018, dozens of DNC email addresses were targeted in a spear-phishing campaign, although there is no evidence that the attack was successful,” the filing noted.
“The content of these emails and their timestamps were consistent with a spear-phishing campaign that leading cybersecurity experts have tied to Russian intelligence. Therefore, it is probable that Russian intelligence again attempted to unlawfully infiltrate DNC computers in November 2018.”
The revelations are part of a civil suit filed by the DNC against the Kremlin, Julian Assange and WikiLeaks, the Trump campaign, and others. It details an alleged conspiracy to win Trump the presidency by stealing sensitive DNC documents and leaking them ahead of the 2016 election.
The Kremlin has already argued for it to be thrown out, claiming that even if it did hack the DNC, this activity would fall under military operations and therefore be immune from civil claims.
In July 2018, special counsel Robert Mueller indicted 12 alleged Russian intelligence officers for their part in this 2016 operation.
That followed a February charge against 13 Russian nationals and three Russian companies for the alleged role they played in online disinformation and influence campaigns ahead of the election.