A new report from SecureWorks Counter Threat Unit has revealed that a hacking group operating from the Russian Federation used spearphishing techniques involving look-alike Google login pages to gain access to DNC emails and other data. According to the report, the hackers targeted staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton’s communications, travel, campaign finances, and advising her on policy.
— Examination of hillaryclinton.com DNS records shows that the domain’s MX records - i.e. the mail server used by the domain - point to aspmx.l.google.com, the mail server used by Google Apps. Hackers exploited the Hillary for America campaign’s use of Gmail and leveraged campaign employees’ expectation of the standard Gmail login page to access their email accounts.
— The first malicious URLs targeting hillaryclinton.com email addresses were created in mid-March 2016; the last URL was created in mid-May. Overall, 213 URLs targeting 108 email addresses on the hillaryclinton.com domain were created during the period.
— Through open-source research, researchers identified the owners of 66 of the targeted email addresses. No open-source footprint was found for the remaining 42 addresses, which would indicate they were acquired from another source.
— The targeted email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton’s campaign trail.