Cyber Incident Victim: Wisconsin Republican Party
Date:
Oct 2020
Location:
United States of America
Summary
The Wisconsin Republican Party fell victim to a business email compromise attack where cybercriminals impersonated legitimate vendors through forged invoices, diverting funds intended for campaign activities. Attackers demonstrated familiarity with party operations, stealing a significant sum while the organization maintained full operational capacity; the incident involved vendors supplying promotional materials and direct mail services, prompting FBI involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 22, 2020, the Wisconsin Republican Party (WisGOP) discovered a phishing attack that led to a Business Email Compromise (BEC) incident, resulting in the theft of $2.3 million intended to support Donald Trump’s re-election campaign. The party promptly notified the FBI after identifying that attackers had forged invoices impersonating legitimate WisGOP vendors. Cyber-criminals executed the attack by compromising email communications, monitoring exchanges between the party and its vendors, and subsequently altering invoices to replace legitimate banking details with their own. State party chairman Andrew Hitt characterized the incident as a "sophisticated phishing attack" involving wire fraud, noting the perpetrators demonstrated familiarity with state party operations during the critical final campaign period. The stolen funds were allocated for procuring pro-Trump merchandise, including hats for distribution at rallies, and direct mail services. Despite the financial loss, WisGOP asserted its operations continued at full capacity with deployed resources to support Trump’s Wisconsin campaign efforts.
The incident carried heightened significance due to Wisconsin’s status as a pivotal swing state, which Trump had won by approximately 20,000 votes in the 2016 election. The theft impacted campaign resources during a period of intensified pre-election mobilization. DomainTools senior security advisor Chad Anderson contextualized the attack within broader BEC trends, noting criminals increasingly favor targeted phishing over broad campaigns, leveraging platforms like LinkedIn to research organizational staff. The FBI had previously reported BEC as the costliest cybercrime category in 2019, responsible for $1.8 billion in losses. WisGOP’s public disclosure on October 29, 2020—one week after detection—emphasized operational continuity while underscoring the tactical precision of the attack during the campaign’s final phase. No additional technical details regarding detection methods, containment procedures, or specific vendor compromises were disclosed in the party’s statement or subsequent reporting.