The same group that hacked and leaked emails from the Democratic National Committee during the campaign is focusing on a new set of targets, according to new research from security firm Volexity reported by Brian Krebs and Motherboard. The group, dubbed “The Dukes” by Volexity researchers, has been sending malware-laced emails to think tanks and non-governmental organizations throughout Washington, presumably in an effort to steal and publish email archives. According to Volexity, two of the emails were disguised to look like forwards from the Clinton Foundation, with one offering a PDF on “Why American Elections Are Flawed.” Targets included Radio Liberty, the Atlantic Council, the RAND Corporation, and the State Department.
The attacks began before the election, growing most active during August of 2016, but they have continued even after Election Day. The most recent set of emails was sent just six hours after election results named Trump the presumptive winner. According to Volexity, the attacks are considered to be ongoing.
Earlier this year, the US Intelligence Community formally blamed the Russian government for the attacks on the DNC email system, an attribution that raises the stakes for Volexity’s findings. President-elect Trump has publicly questioned that attribution, saying the culprit could just as easily be “someone sitting on their bed that weighs 400 pounds.” At the same time, Russian officials today confirmed that they have been in contact with members of Trump’s staff throughout the campaign.
Notably, the attackers did not employ any previously undisclosed vulnerabilities in the campaign, relying instead on malicious document macros, which typically pass through anti-virus systems undetected.
“This is a well-funded and in some respects professional organization,” Volexity CEO Steven Adair told Krebs. “What they’re doing takes time and effort, and for eight plus years now they’ve been in continuous development of new backdoors. They’re continually targeting different verticals — universities, NGOs and governments — and they learn from others, retool and modify their attacks constantly.”
Update November 10th, 3:58PM ET: Updated to include information from Motherboard report.