(Reuters) – Hackers believed to be working for the Russian government broke into the Democratic National Committee’s computer network, spied on internal communications and accessed research on presumptive Republican presidential nominee Donald Trump, the committee and security experts said on Tuesday.
Two separate groups entered the DNC’s system, and one read email and chat communications for nearly a year before being detected, according to the committee and CrowdStrike, the cyber firm that helped clean up the breach.
Russian spies also targeted the networks of Trump and Democratic presidential candidate Hillary Clinton, as well as the computers of some Republican political action committees, the Washington Post quoted U.S. officials as saying, although details were not available.
A Clinton campaign official said there was no evidence the campaign’s information systems had been hacked.
A Russian government spokesman denied involvement in the breach.
“I completely rule out a possibility that the (Russian) government or the government bodies have been involved in this,” Dmitry Peskov, a Kremlin spokesman, told Reuters in Moscow.
The intrusion is emblematic of the sophistication of Russian hackers, who intelligence officials have long viewed as the most talented of U.S. adversaries in cyberspace.
The Democratic Party had been aware of efforts to hack Trump material for two months, and U.S. intelligence agencies were involved in efforts to find out who was behind the hacking, a source familiar with Trump opposition research said.
The source said Democratic Party operatives believed the hacking was conducted by the Russian government. The research includes material on Trump’s business efforts in Azerbaijan, Georgia, Serbia and Russia, according to information made available to Reuters.
Cyber attacks against political candidates and organizations are common worldwide. U.S. National Intelligence Director James Clapper said last month he was aware of attempted hacks on campaigns and related groups and he expected to see more as the Nov. 8 presidential election nears.
U.S. Representative Jim Langevin, a Democrat and co-founder of the congressional cybersecurity caucus, said it was “disconcerting” that independent groups penetrated the DNC and that one was able “to stay embedded for nearly a year.”
But the groups are extremely sophisticated, Langevin said, and have previously been implicated on attacks at the White House, the State Department and the German Bundestag, as well as a number of private companies.
Russian bears on the loose
The DNC contacted CrowdStrike in May and within 24 hours it began investigating unusual activity on the group’s network, said Dmitri Alperovitch, the company’s co-founder and chief technologyofficer. It identified two hacking groups and both were kicked out this weekend, he said.
The first, which CrowdStrike named Cozy Bear, entered the DNC’s systems last summer, according to the firm. It primarily monitored email and chat conversations and may be working for Russia’s Federal Security Service, or FSB, Alperovitch said.
Russian President Vladimir Putin once ran the FSB.
The second group, nicknamed Fancy Bear, is probably working on behalf of Russia’s military, Alperovitch said. It gained entry in late April and “went straight to the oppo research … on Donald Trump and exfiltrated some of it,” he said.
Alperovitch said both groups were among “the best threat actors that we’ve ever encountered” but they did not appear to be working together. He was not sure how the intrusions occurred but suspected the hackers may have leveraged “spearphishing” emails to trick DNC employees into downloading malicious code onto their network.
“When we discovered the intrusion, we treated this like the serious incident it is,” Rep. Debbie Wasserman Schultz, chairwoman of the DNC, said in a statement. “Our team moved as quickly as possible to kick out the intruders and secure our network.”
Trump’s interest in Russia goes back to the 1980s, with a 1990 Vanity Fair article citing news program appearances in which Trump offered his own services as a negotiator with Russia.
Information made available to Reuters indicates Trump tried on at least three occasions – in 2004, 2008 and 2013 – to get involved in business deals in Russia.
In 2013, he and an Azerbaijani-Russian oligarch, Aras Agalarov, jointly put on a Miss Universe competition in Moscow, and Trump was photographed with Agalarov’s wife, son and daughter.
The last two U.S. presidential cycles in 2008 and 2012 witnessed a barrage of cyber attacks from a range of adversaries targeting President Barack Obama’s campaign and the campaigns of his Republican foes.
U.S. intelligence officials have said many previous assaults were linked to Chinese hackers.
(Reporting by Dustin Volz, Amanda Becker, Emily Stephenson, Roberta Rampton and Susan Heavey in Washington and Vladimir Soldatkin in Moscow; Additional reporting by Mark Hosenball in Zurich; Writing by John Whitesides and Mohammad Zargham; Editing by James Dalgleish)