The governing body for the Democrats said that shortly after the 2018 midterm elections in November, dozens of DNC email addresses received spear-phishing emails that it believes came from the Russian hacking group Cozy Bear, according to a court document filed Thursday night.
Although “there is no evidence that the attack was successful,” the filing reads, “it is probable that Cozy Bear again attempted to unlawfully infiltrate DNC computers in November 2018.”
The filing says that the content and timestamps of the spear-phishing emails received on Nov. 14 were “consistent with a spear-phishing campaign that leading cybersecurity experts have tied to Cozy Bear.”
Spear-phishing is the practice of sending a scam email to a user that contains a link designed to steal credentials or install malware.
CNN reported that the hackers in the November attempt posed as a State Department official, citing a senior Democratic Party source with direct knowledge of the attack.
Cybersecurity firm FireEye published a report in late November stating that more than 20 clients across multiple industries had been the target of hacking attempts involving “a phishing email appearing to be from the U.S. Department of State” which included .zip files containing malware.
The campaign targeted a variety of industries, including think tanks, law enforcement, media, military, transportation, pharmaceutical, government, and defense contracting, according to the FireEye report. The report also said that the method of attack could “connect this activity to previously observed activity suspected to be APT29,” or Cozy Bear.
Cozy Bear is one of two hacking groups tied to Russian intelligence services that infiltrated the DNC servers in the lead-up to the 2016 election, according to the cybersecurity group Crowdstrike and US government officials. The Crowdstrike report says that Cozy Bear first infiltrated the DNC in the summer of 2015, roughly a year before the second group, Fancy Bear, separately hacked the DNC in April 2016.
According to the Washington Post, Cozy Bear has previously infiltrated the unclassified networks of the White House and the State Department, while the Guardian reported in 2015 the same group hacked the unclassified email network of the joint chiefs of staff.
Thursday's DNC filing is the latest entry in the Democrats' lawsuit alleging a widespread conspiracy between the Russian government and the Trump campaign to steal the US presidency. The case was initially filed in April 2018 in the Southern District of New York.