Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/29/2016
03:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Second Democratic Party Website Hacked

In a DNC-like attack, pro-Russian hackers broke into a website belonging to the Democratic Congressional Campaign Committee -- and reportedly also the Clinton campaign website.

[UPDATE: Reuters reported late today that its sources say Hillary Clinton's campaign website also was breached as part of what was a broad attack campaign against the Democratic party]

First the Democratic National Committe (DNC), and now this: A cyber espionage group apparently affiliated with pro-Russian causes earlier this year hacked into a donor website of the Democratic Congressional Campaign Committee (DCCC), the campaign arm of House Democrats.

The website was altered so visitors attempting to donate at the site were redirected instead to another domain controlled by the attackers, security vendor FireEye said in a report released yesterday. By the time FireEye discovered the intrusion earlier this week, the link to the malicious website had been disabled.

It's unclear if those who were redirected to the attacker-controlled site had their personal and financial data stolen or had malware dropped on their systems. It is also unclear how long visitors to the site were redirected, but it included a period between June 19 and June 27. “The site may have also been compromised for periods before and after those dates,” FireEye said.

News of the DCCC website intrusions follows the recent disclosure of an intrusion into a Democratic National Committee (DNC) system that resulted in thousands of internal emails being leaked and published on WikiLeaks. Controversial content in some of the purloined emails later forced the chairman of the DNC Debbie Wasserman Schultz to resign from her post and fueled angry accusations from the Democratic party about Russian interference in the US election process.

In comments to various media outlets, a spokesman for the Russian embassy in Washington denied any involvement in the DNC intrusion. But speculation of the source and motive for the attack continue to rage on, especially after the FBI this week said its analysis shows a potential Russian connection.

John Hultquist, manager cyber espionage intelligence at FireEye, says his firm discovered the intrusion at the DCCC website from its tracking of a cyber espionage group called Tsar Team, aka APT28. The group has been actively involved for the past three- or four years in a wide range of spying activities directed largely against Chechen rebels, Russian dissidents, and individuals with ties to the defense industry in multiple countries.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

“There is all kinds of evidence that indicate they have a strong interest in Russian geopolitical and Russian security issues,” Hultquist says. “That is why we have been so focused on them.”

Interestingly, the Tsar Team’s activities have not been restricted solely to espionage activities. The group has also engaged in quite a bit of hacktivism, and recently it has resorted to fabricating persona with interests in different causes. For instance, the hacking team created a group called the Cyber Caliphate and has been using that to post pro-ISIS propaganda in an apparent bid to gain access to ISIS sympathizers, Hultquist says.

It was while looking for activity and traces of the unique malware associated with APT28 on the Web that FireEye discovered the intrusion at the DCCC website, he says. The company informed the DCCC about its discovery on Thursday.

In comments to Bloomberg, Meredith Kelly, press secretary for the DCCC, confirmed that the organization had been the victim of a cyber intrusion and was currently cooperating with law enforcement to investigate the issue. Kelly did not offer any other details of the breach.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5524
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
CVE-2020-5525
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
CVE-2020-5533
PUBLISHED: 2020-02-21
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5534
PUBLISHED: 2020-02-21
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2014-7914
PUBLISHED: 2020-02-21
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.