Thursday, November 14, 2024

DNC Credentials Compromised by ‘IntelFetch’ Telegram Bot

As the Democratic National Convention (DNC) is set to kick off in Chicago Aug. 19-22, a Telegram-based bot service called “IntelFetch,” has been aggregating compromised credentials linked to the DNC and Democratic Party websites.

The stolen data, identified and verified by ZeroFox researchers, includes compromised credentials from the Washington and Idaho state branches of the DNC, and other sensitive information, including logins for party members and delegates.

The exposed data includes email addresses and passwords, primarily from users registered on “demconvention.com,” “democrats.org,” and related domains.

The report noted that although the breach did not appear to stem from a targeted attack, it presents a “significant risk of unauthorized access” to sensitive systems within the Democratic Party and the DNC. Such access could allow malicious actors to infiltrate secure systems, access confidential information, and potentially disrupt party operations, jeopardizing the security and integrity of the DNC and other critical activities.

There is, of course, a history of state-sponsored threats targeting the DNC and other US political targets; in 2016 the Russian advanced persistent threat known as APT28 or Fancy Bear hacked into the DNC website, as well as the Hillary Clinton campaign and the Democratic Congressional Campaign Committee.

Using Lower-Level Victims to Target the Top

Lewis Shields, director of dark ops at ZeroFox, says that everyone attending the convention should be perceived — by both the DNC organizers and the individuals themselves — as a potential and attractive target for cyber threat actors.

“Threat actors may target attendees directly and leverage their access to move on to higher-value targets,” he tells Dark Reading. “The recent reported hacks against political targets indicates that even those loosely connected to policymaking may be used to target those who are more influential.”

Shields explains that the details of the reported Trump campaign hack that came to light yesterday, the subsequent disclosure that the Biden-Harris campaign was also targeted, and ZeroFox’s own research all indicate threat actors are taking the “work your way up the ladder” tack.

For instance, an FBI source told NBC News that the agency was investigating attempted hacks on three Biden-Harris campaign staffers, and on former Trump advisor Roger Stone.

In general, “this election is almost certainly a target for foreign cyber threat actors because of the myriad geopolitical disputes as well as the relative foreign policy unknowns among the candidates,” he notes.

Foreign governments are therefore very likely eager to obtain as much information on potential policy decisions as possible.

“Threat actors who cannot send diplomats to engage with candidates are more likely to attempt to obtain the information via cyber espionage campaigns or other malicious activity,” Shields says.

Cybersecurity Threats Target Elections Globally

Election security is seen as a critical issue as 2024 marks a pivotal year for global democracy, with a record number of national elections taking place worldwide — though cyberattacks on election campaigns go back decades.

Kitchen sink attack chains — complex, multi-faceted strategies deploying variety of different attack methods and techniques to compromise a target — have emerged as one of the most serious modern threats.

Back in January FBI director Christopher Wray warned of “chaos” during this year’s election, singling out China as the most formidable threat actor, though other nation state malicious actors are likely to deploy campaigns and possibly target election infrastructure itself.

Beyond direct attacks, governments are also battling misinformation distributed during the election season and the rise of generative AI (GenAI) produced deepfake images and video clips is worrying cybersecurity professionals — a deepfake robocall impersonating President Biden has already occurred.

To combat this rapidly evolving threat, local governments are encouraged to engage transparently with residents through regular updates, public meetings, and community partnerships to build and maintain trust.

Shields notes that cybersecurity has become a core tenant of national security strategies and policies, especially given the current geopolitical context where foreign policy and armed warfare are occurring alongside cyber campaigns.

From his perspective, any policy discussions regarding ongoing support for Ukraine, restricting China’s access to advanced technologies, and US policy in the Middle East, must include cybersecurity protections in the design and drafting stages.

“The days of cybersecurity concerns being relegated to secondary discussed only among cybersecurity experts has ended,” he explains.


Related Articles

Latest Articles