As first reported by Motherboard, researchers at the cybersecurity firm SecureWorks discovered that “Fancy Bear,” a hacking group experts believe is tied to the Russian military, sent the Bitly links to the email accounts of staffers at the DNC, the Democratic Congressional Campaign Committee (DCCC), as well as former Secretary of State Colin Powell, and Podesta.
The Bitly links, sent in emails that appeared to come from Google, redirected to a fake Google login page that handed the passwords over to the attackers—an attack known as spear-phishing. The links were created, according to SecureWorks, by an account controlled by Fancy Bear operatives.
Security firms SecureWorks and Crowdstrike have both linked Fancy Bear to the DNC hack. Threatworks and Fidelis linked Fancy Bear to the DCCC hack. This revelation, however, is the first concrete link between the hack of the Democratic National Committee (DNC) and Podesta.
The growing pile of evidence linking Russia to cyberattacks against Democratic Party institutions and senior Clinton campaign staff follows WikiLeaks’ publication of emails stolen from DNC staffers and the ongoing release of some 50,000 emails stolen from Podesta. The DNC leak resulted in the resignation of former DNC chair Rep. Debbie Wasserman Schultz (D-Fla.) and other senior DNC staffers ahead of the party’s convention in July, while revelations in the Podesta emails continue to dominate Republican nominee Donald Trump’s attacks against Clinton.
The email containing the infected link was sent to Podesta on March 19, Motherboard reports. WikiLeaks began publishing his emails nearly six months later, on Oct. 9.
WikiLeaks has characterized attempts to name Russian intelligence as the source of the Podesta emails as irresponsible speculation.