DNC officials say Russians unsuccessfully tried to hack them after 2018 midterms

Dozens of DNC officials received spearphishing emails from Cozy Bear after the midterms, according to a court filing.

Hackers linked with the Russian government were likely behind an attempt to breach email accounts of Democratic National Committee officials just days after the 2018 midterm elections, the committee alleged late Thursday.

Dozens of DNC officials were targeted with spearphishing emails on Nov. 14, eight days after the elections, the committee said in an updated court filing that is part of its lawsuit against the Russian government. The DNC is the Democratic Party’s top governing body.

In this particular incident, there was no breach of email accounts, the committee said. After the infamous 2016 Russian intrusions into the DNC computer network, the party has trained its staff rigorously in cybersecurity. Analysts have said Russian state-sponsored hacking activity has increased recently.

The DNC declined to comment beyond the court filing.


“The content of these emails and their timestamps were consistent with a spearphishing campaign that leading cybersecurity experts have tied to Russian intelligence,” the court document says.

The hacking group implicated is known as Cozy Bear or APT29, and is one of two Russian outfits that breached the DNC during the 2016 U.S. presidential election. That was part of a comprehensive campaign of Kremlin interference that U.S. officials say was designed to undermine Hillary Clinton’s candidacy and help Donald Trump’s.

The DNC’s security overhaul since 2016 also has included hiring Bob Lord, Yahoo’s former chief information security officer, along with former Uber technology executive Raffi Krikorian.

The new court filing is further evidence that hackers have continued to target U.S. political officials, even if it’s not on the scale of the 2016 intervention.

Last December, the National Republican Congressional Committee — the House GOP’s campaign organization — revealed that it suffered a cyber-intrusion during the 2018 midterms. Neither the NRCC nor outside investigators have said who they think is responsible for that breach.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
