Security firm Lookout detected the phishing site, which tried to spoof the login page for the online database. It’s not clear who’s behind the effort, but the FBI has been notified.
The Democratic National Committee is once again the target of hackers, and this time they’re going after the organization’s voter database.
Hackers sought to break into the DNC database earlier this week, according to mobile security provider Lookout. The firm’s AI-powered software discovered a phishing site that tried to spoof the login page to a Democratic Party online database called VoteBuilder, which holds information on registered voters and volunteers.
Whoever created the phishing site was probably trying to trick Democratic Party officials into visiting it. Any information typed into the login page, such as passwords, would’ve been secretly logged and handed over to the hackers.
Lookout told PCMag that it notified the DNC and alerted the domain’s hosting provider, Digital Ocean, which acted quickly to take down the site.
Heads up @digitalocean, engines have identified a phishing campaign targeting a group with strong links to [$political party]. The campaign targets the org VPN concentrator and went live an hour ago. Please have your security team reach out.
„At this time, Lookout isn’t attributing this attempt to any specific actor,“ the security firm said in an email.
So far, the DNC hasn’t publicly commented on the hacking attempt. But according to CNN, Democratic officials have no reason to believe the voter database was breached. Nevertheless, they contacted the FBI about the incident.
In 2016, the DNC was the target of a high-profile breach that’s been blamed on Russian government-sponsored cyberspies who were attempting to influence the presidential election. The attackers stole troves of confidential information, including opposition research on then-presidential candidate Donald Trump along with sensitive emails from DNC officials that were later leaked online.
This new attempt to breach the DNC comes as Microsoft has also detected hackers creating phishing sites to target US think tanks and political groups. On Monday, the company said these phishing efforts were linked to a notorious Russian state-sponsored hacking group called Fancy Bear or APT 28.
All six phishing domains Microsoft uncovered have been shut down. Nevertheless, US officials are warning that Russian-sponsored hackers may very well try to disrupt the midterm elections in November.
