Cyber Incident Victim: SKDKnickerbocker

Date: Jul 2020

Location: United States of America

Summary

Suspected Russian state-backed hackers, identified as the group Fancy Bear linked to Russian military intelligence, targeted a Democratic campaign advisory firm working with Joe Biden's presidential campaign using phishing and other network infiltration attempts. Microsoft detected the activity and alerted the firm, which successfully defended against the attacks with no breach occurring. The incident mirrored previous interference attributed to the same actors, raising concerns about foreign attempts to influence the U.S. election, though the specific motive—whether targeting Biden's campaign or other clients—remained unclear.

Description

In mid-2020, suspected Russian state-backed hackers targeted SKDKnickerbocker (SKDK), a Washington-based campaign strategy firm advising Joe Biden’s presidential campaign and other prominent Democrats. Microsoft Corp detected and alerted SKDK to multiple hacking attempts occurring over a two-month period preceding September 2020. The attackers employed phishing techniques—deceptive attempts to trick staff into revealing passwords—alongside other unspecified methods to infiltrate the firm’s networks. Microsoft attributed these attacks to the hacking group commonly known as "Fancy Bear," which U.S. intelligence agencies have previously linked to Russia’s military intelligence agency (GRU). This group was responsible for breaching Hillary Clinton’s 2016 presidential campaign and leaking staff emails. Microsoft based its attribution on analysis of the hackers’ infrastructure and operational patterns, leveraging its visibility through Windows and cloud services like Office 365. SKDK’s defenses prevented unauthorized access, with a firm representative confirming no network breach occurred. The Biden campaign acknowledged Microsoft’s notification but emphasized the attacks targeted non-campaign email accounts of individuals affiliated with the campaign.

The incident occurred amid heightened U.S. intelligence warnings about foreign interference in the 2020 presidential election, with explicit concerns about Russian operations mirroring 2016 election meddling. Investigations by Special Counsel Robert Mueller and the Senate Intelligence Committee had previously confirmed Russian government affiliates interfered in 2016 to aid Donald Trump’s election. SKDK’s significance as a target stemmed from its deep Democratic Party ties, including work on six presidential campaigns and Biden’s 2020 bid. Anita Dunn, a managing director at SKDK and former Obama White House communications director, served as a senior advisor to the Biden campaign. Microsoft shared its assessment directly with SKDK but declined public comment, as did SKDK Vice Chair Hilary Rosen. The Kremlin dismissed the allegations as “nonsense,” consistent with Russia’s longstanding denials of election interference. One source noted uncertainty over whether the hackers specifically sought Biden-related information or data on SKDK’s other clients, which included victorious 2018 gubernatorial campaigns in Kansas and Connecticut. Microsoft’s Defending Democracy initiative, launched in 2018 to protect political campaigns from cyber threats, played a role in identifying and notifying SKDK of the activity.
