Cyber Incident Victim: Democratic National Committee
Date:
Feb 2020
Location:
United States of America
Summary
An impersonator using a domain registered overseas, reportedly in Russia, posed as a staffer from Bernie Sanders' campaign and attempted to contact members of at least two other Democratic presidential campaigns. The Democratic National Committee alerted campaigns to such tactics, noting adversaries often mimic real individuals to trick targets into downloading malicious files, clicking phishing links, or attending recorded meetings intended for public dissemination. While attribution remains challenging and no direct link to the Russian government was confirmed, Sanders' campaign assessed the activity aligned with broader efforts by Russian actors to sow discord within the U.S. electoral process. Authorities were notified of the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 26, 2020, the Democratic National Committee (DNC) issued a warning to its presidential campaigns following reports of an online impersonation attempt targeting staffers. The incident involved an unknown actor registering a domain overseas to impersonate a member of Senator Bernie Sanders’ campaign team. This impersonator contacted members of at least two other Democratic campaigns, attempting to initiate conversations under false pretenses. DNC Chief Security Officer Bob Lord alerted campaigns via email, emphasizing that adversaries frequently mimic real campaign personnel to deceive targets into downloading malicious files, clicking phishing links, or attending compromised meetings that could be recorded and leaked. Lord noted the domain used in this incident was registered in a foreign country but cautioned that domain registration alone does not confirm the attacker’s origin or affiliation. He reiterated the difficulty of attribution and confirmed that authorities had been notified. The Sanders campaign publicly acknowledged the incident, with spokesperson Mike Casca specifying the domain was registered in Russia while clarifying that this did not inherently link the activity to the Russian government or state-sponsored hackers. Casca stated the incident demonstrated the effectiveness of existing cybersecurity measures adopted by the DNC and campaigns but affirmed the need for continued vigilance.
The impersonation attempt occurred amid heightened concerns about foreign interference in the 2020 U.S. election. Senator Sanders disclosed that U.S. officials had briefed him approximately one month prior to the incident about Russian efforts to bolster his campaign as part of a broader strategy to destabilize the electoral process. The Sanders campaign assessed this impersonation scheme aligned with Russia’s objective to foster discord within the Democratic Party and the electorate. The DNC’s response focused on rapid notification to campaigns, reinforcing awareness of impersonation tactics without speculating on the attacker’s identity or capabilities. No evidence suggested the impersonator successfully extracted information or compromised campaign systems during these interactions. The incident underscored ongoing challenges in defending against socially engineered attacks exploiting political divisions, though no operational disruptions or data breaches were reported as a direct consequence. Both the DNC and the Sanders campaign emphasized adapting defenses based on lessons from such attempts while maintaining existing security protocols.