The researchers say that TG-4127 also created Bitly links to malicious Web sites and targeted nine dnc.org email accounts with them, including the DNC’s communications director and its secretary emeritus. The timeframe for this attack was mid-March to mid-April.
The damage done by this type of hack could include the ability to access other Google services such as Google Drive, to generate spearphishing emails using legitimate email addresses internal to the organizations, and possibly to unleash malware in the organizations’ networks, the researchers say.
The researchers say TG-4127 has targeted the White House, the German parliament and the German Christian Democratic Union political party. “CTU researchers assess with moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government,” the blog post says.
The researchers have not seen this type of TG-4127 spearphishing attack target the Republican Party or other presidential candidates, but neither the party nor those candidates used Google mail servers.
“Targeting individuals linked to presidential campaigns could represent an intelligence ‘long game,’ as establishing access to potential U.S. administration staff before they are appointed could be easier than targeting them when they are established in the White House,” CTU says.