[BreachExchange] U.S. Republican campaign emails hacked months before election

[Destry Winant]

https://www.reuters.com/article/legal-us-usa-cyber-republicans/u-s-republican-campaign-emails-hacked-months-before-election-idUSKBN1O4071

WASHINGTON (Reuters) - Email accounts for a campaign group supporting
Republicans candidates running for the U.S. House of Representatives
were hacked before this year’s congressional elections, according to a
person familiar with the investigation.

Hackers used National Republican Congressional Committee credentials
to access a “small number” of email accounts at the organization,
which is also known as the NRCC, said the person, who was not
authorized to discuss details of the attack.

NRCC spokesman Ian Prior confirmed the group was the victim of a
cyberattack by an unknown party, but disputed that stolen passwords
were used.

“Upon learning of the intrusion, the NRCC immediately launched an
internal investigation and notified the FBI, which is now
investigating the matter,” Prior said.

The NRCC changed the passwords at its web-based email provider and
took steps to prevent similar attacks, said the person, who did not
name the email provider.

The hackers used techniques that make them difficult to identify and
officials have yet to determine whether they were aligned with a
foreign government, said a second person familiar with the case.

Cybersecurity firm CrowdStrike said in a statement that the NRCC asked
it in April to investigate “unauthorized access” to the group’s
emails.

The NRCC had previous hired CrowdStrike to protect the NRCC’s internal
corporate network, which was not compromised in the incident, the
company said.

The news was first reported by Politico, which said the NRCC learned
about the attack from a vendor who alerted the committee and its
cybersecurity contractor.

Senior Republican House leaders, including Speaker Paul Ryan and
Majority Leader Kevin McCarthy, were not informed, however, until
contacted by the news site, Politico said.

An FBI spokeswoman declined comment.

A senior U.S. Department of Homeland Security official told Reuters on
Tuesday the agency had not been informed by the NRCC or FBI of such an
attack.

During the most recent election cycle, the NRCC raised more than $174
million and spent most of the cash on advertisements trying to help
Republicans in difficult races.

Concerns about campaign security have heightened since U.S.
intelligence agencies concluded last year that Russia orchestrated the
hacking of Democratic officials to meddle with the 2016 presidential
election.

Special Counsel Robert Mueller is investigating Russia’s alleged 2016
election meddling, which Moscow denies.