Cyber Incident Victim: Democratic National Committee
Date: Nov 2018
Location: United States of America
Summary
The Democratic National Committee was targeted in a spear-phishing campaign in which attackers impersonated a Department of State official in an attempt to compromise dozens of email accounts, though there was no evidence that the attempt succeeded. Cybersecurity firms attributed the attempt to the Russian state-linked group Cozy Bear (APT29), which had previously infiltrated the committee's systems, and noted that the campaign also broadly targeted government, law enforcement, and business sectors. The incident occurred shortly after the U.S. midterm elections and came amid ongoing legal action by the committee against Russian entities over prior cyber intrusions.
Description
On November 14, 2018, the Democratic National Committee (DNC) reported that dozens of its email addresses were targeted in a spear-phishing campaign attributed to the Russian state-sponsored hacking group known as Cozy Bear (APT29). The attack occurred shortly after the conclusion of the US midterm elections and involved emails crafted to impersonate communications from a Department of State official. Cybersecurity firms CrowdStrike and FireEye detected the campaign at the time, noting its alignment with Cozy Bear's historical tactics and its broader targeting of multiple sectors, including think tanks, law enforcement agencies, government entities, and business information services. The DNC stated there was no evidence the attackers successfully compromised its systems during this incident. This activity marked a recurrence of Russian cyber operations against the DNC, following the group's 2016 breach of DNC servers alongside Fancy Bear (APT28) in the lead-up to the US Presidential election.

The DNC disclosed these details in January 2019 as part of an updated complaint in its April 2018 lawsuit against the Russian government, GRU military intelligence, WikiLeaks, Julian Assange, and several Trump campaign associates. The lawsuit alleged coordinated efforts to interfere in US elections through cyber intrusions and information dissemination. In November 2018, Russia sought dismissal of the lawsuit, arguing its hacking activities constituted military intelligence operations exempt from US judicial jurisdiction. The incident occurred amid heightened scrutiny of election-related cybersecurity threats, with the National Republican Congressional Committee (NRCC) separately disclosing in December 2018 that it had suffered a cyber intrusion during the 2018 campaign season. The DNC's disclosure underscored persistent targeting by Russian actors but confirmed no operational impact from the November 2018 attempt.
