North Korean hackers targeted individuals associated with Hillary Clinton’s 2016 presidential campaign weeks before Russian actors successfully breached its chairman’s email account, according to a new report.
Hackers working for the North Koran government successfully compromised the email accounts of individuals involved with an East Asia-focused foreign policy advisory group in contact with Mrs. Clinton’s campaign in a bid to access policy documents and other privileged information that could’ve been used to Pyongyang’s advantage if Mrs. Clinton won the presidency, CyberScoop reported Tuesday.
The hackers breached email accounts associated with a D.C. think tank, then used that access to send convincing spear-phishing emails to associates of Mrs. Clinton’s campaign, according to an incident response report obtained by CyberScoop as well as interviews with individuals aware of the operation.
The malicious emails included links to a bogus Google login page where recipients were asked to enter their Gmail credentials, according to the report. Anyone who clicked on the link and entered their username and password risked putting that information into the hands of hackers, the report said.
Private cybersecurity specialists, in-house experts and American law enforcement officials attributed the February 2016 hacking campaign to North Korea’s Reconnaissance General Bureau, or RGB, the nation’s intelligence agency, a former U.S. official told CyberScoop on condition of anonymity.
“This phishing attack fits a pattern of previous successful attacks against [non-governmental organizations] and U.S. government-based entities which align to an Asian nexus. We are highly confident this is North Korea’s RGB, focusing on intelligence gathering,” the source said.
The RGB’s hackers have previously been linked to security incidents including the Sony Pictures Entertainment Breach in 2014 and this year’s debilitating WannaCry worm, among other events. North Korea has denied responsibility for both.
Members of the Clinton campaign learned of the spear-phishing operation in February 2016 after the incident response report was shared within the organization, and neither the Hillary for America campaign nor any email addresses associated with that domain were directly breached as a result of the hacking campaign, according to the report.
It was not clear how much sensitive information, if any, was gleaned by North Korean hackers targeting the Clinton campaign and its contacts, the report said.
Hackers tied to the Russian government successfully used a similar spear-phishing technique the following month to breach an email account belonging to John Podesta, Mrs. Clinton’s former campaign chairman, putting them in possession of sensitive messages subsequently provided to WikiLeaks for publication.
That breach and others targeting the Democratic Party were waged by state-sponsored hackers working on behalf of the Kremlin in support of Mrs. Clinton’s opponent, Donald Trump, according to the U.S. intelligence community. Russian officials including President Vladimir Putin have denied responsibility for those attacks and others.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.