Menu
Browse

Cyber Threat Actor: DC Leaks

Actor Type Location Known Incidents
 Icon
Nation State
Russia
2 incidents
Profile

DC Leaks is a threat actor publicly linked by U.S. intelligence officials and cybersecurity experts to Russian government-associated hacking operations. Operating under this primary alias, the group functioned as a disclosure platform for materials obtained through cyber intrusions targeting U.S. political entities. Intelligence assessments consistently identified DC Leaks as a front for Russian state-aligned hackers rather than an independent entity, with operations aligning chronologically and tactically with broader interference campaigns during the 2016 U.S. election cycle. The group’s activities centered on leaking sensitive documents to achieve strategic disruption rather than financial gain, leveraging stolen information to amplify political divisions.

The actor systematically targeted U.S. political figures, campaign staff, government officials, and electoral infrastructure. Victims included Democratic Party organizations, individuals associated with Hillary Clinton’s presidential campaign, and at least two state election systems, indicating an objective to compromise electoral integrity and undermine public confidence. Leaked materials ranged from personal emails of low-level staffers to correspondence from high-profile figures like former Secretary of State Colin Powell, selectively published to maximize political embarrassment. The group’s operational pattern involved breaching personal email accounts—such as a White House staffer’s Gmail—and exfiltrating logistical communications alongside sensitive government documents, including protected records like the purported passport of the U.S. First Lady. While specific intrusion methods remain unspecified in public reporting, the consistent focus on U.S. political targets and coordination with other Russian-aligned leak platforms suggests a centralized objective of espionage and influence.

A defining operation attributed to DC Leaks occurred in September 2016, when the group published emails from Ian Mellul, a White House staffer tied to Clinton’s campaign, alongside a scanned image alleged to be Michelle Obama’s passport. The Mellul emails, while largely mundane, were paired with Powell’s authenticated correspondence—previously obtained through separate breaches—to create a narrative of institutional vulnerability. U.S. authorities, including the Secret Service, confirmed investigations into the passport disclosure due to its potential compromise of protected individuals, though authenticity remained unverified. This campaign exemplified the actor’s modus operandi: combining low-sensitivity documents with high-impact leaks to generate media scrutiny while obscuring the origin of intrusions. The group’s affiliation with Russian state interests was underscored by its synchronization with other Kremlin-linked operations, including the theft and staged release of emails from Democratic National Committee systems.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source