Hillary Clinton's campaign acknowledged systems used by the campaign, hosted at the DNC, had been hacked, allegedly by a group tied to Russian intelligence agencies. (credit: Clinton campaign.)

An analytical system hosted by the Democratic National Committee and used by Hillary Clinton's presidential campaign team was accessed by hackers. In a statement issued by the Clinton campaign, a spokesperson said that a network intrusion had exposed data on the system maintained by the DNC, but that the campaign organization's own systems did not appear to have been breached. No financial or personal identifying data other than voter information was stored on the analytical system.

In a separate statement, a spokesperson for the Democratic Congressional Campaign Committee acknowledged that its network and systems had been hacked. Upon discovering the breach, "we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing the incident," said Meredith Kelly, a spokeswoman for the DCCC.

The New York Times cited information from an unnamed federal law enforcement official that both the breach of the Clinton campaign system hosted at the DNC and the DCCC hack—which redirected would-be donors to a lookalike site that collected their personal data—were executed by groups of hackers affiliated with Russia's intelligence services. Both the DNC and DCCC attacks were attributed to the group behind the "Fancy Bear" family of malware and intrusions, which the official identified as being tied to the Russian military intelligence agency known as Glavnoye Razvedyvatel'noye Upravleniye (GRU), or Main Intelligence Directorate. "It's the same adversary," the official told the Times.



Yesterday I mentioned rtfobj.

Philippe told me that version 0.48 will parse the sample I analyzed yesterday. 0.48 is not a stable version (0.47 is), but you can download it from GitHub.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.