
DNC Emails Hacked Using Fake Gmail Login Forms

A new report from SecureWorks Counter Threat Unit has revealed that a hacking group operating from the Russian Federation used spearphishing techniques involving look-alike Google login pages to gain access to DNC emails and other data. According to the report, hackers targeted staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton’s communications, travel, and campaign finances, and advising her on policy.

Examination of hillaryclinton.com DNS records shows that the domain’s MX records, i.e. the mail server used by the domain, point to aspmx.l.google.com, the mail server used by Google Apps. Hackers exploited the Hillary for America campaign’s use of Gmail and leveraged campaign employees’ expectation of the standard Gmail login page to access their email accounts.
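A defender-side check for the look-alike login pages described above, as an added example that is not from the SecureWorks report or CircleID: it treats a link as a Google sign-in page only when it uses HTTPS and its host is exactly accounts.google.com. The function name, the allowlist and the sample URLs are assumptions constructed for illustration and do not reproduce URLs from the campaign.

```python
from urllib.parse import urlsplit

# Assumption: the only host this checker accepts for a Google sign-in page.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}
# Brand strings that make an untrusted host a likely look-alike.
BRAND_TOKENS = ("google", "gmail")


def check_login_url(url):
    """Return (ok, reason) for a link that claims to lead to a Google login."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without port or userinfo
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://accounts.google.com@other.host/" displays the brand, loads other.host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    host = host.rstrip(".")
    # Homoglyph hosts arrive either as raw Unicode or as punycode labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host"
    if host in TRUSTED_LOGIN_HOSTS:
        return True, "trusted login host"
    # The brand appears in the name, but the registrable domain is someone else's.
    if any(token in host for token in BRAND_TOKENS):
        return False, "look-alike host"
    return False, "untrusted host"


# Constructed sample links (reserved example domains), not taken from the report.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com/",
    "https://accounts.google.com@login.example.net/ServiceLogin",
    "https://accounts.google.com.signin.example.net/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
    "https://accounts.g\u043e\u043egle.com/ServiceLogin",  # Cyrillic "o" homoglyphs
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample.encode("unicode_escape").decode())
```

The exact-host comparison is the point: every rejected sample still shows "accounts.google.com" or a visually identical string to the person reading the link.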

The first malicious URLs targeting hillaryclinton.com email addresses were created in mid-March 2016; the last URL was created in mid-May. Overall, 213 URLs targeting 108 email addresses on the hillaryclinton.com domain were created during the period.

Through open-source research, researchers identified the owners of 66 of the targeted email addresses. No open-source footprint was found for the remaining 42 addresses, which would indicate they were acquired from another source.

The targeted email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton’s campaign trail.

By CircleID Reporter
