Compromised DNC credentials found on Telegram bot, cyber firm says

Security researchers with ZeroFox identified stolen login information from Democratic-aligned accounts ahead of the party’s presidential nominating convention, but noted that some records “were previously observed in private threat actor-operated repositories.”

A Telegram-based bot service has been collecting compromised credentials from accounts associated with the Democratic Party ahead of the Democratic National Convention later this month, according to a report released on Wednesday by ZeroFox.

The cybersecurity firm’s assessment — which reviewed potential threats to the DNC ahead of its presidential nominating convention in Chicago next week — warned that the identified “IntelFetch” bot had been aggregating login information that could be leveraged “to infiltrate secure systems, access confidential information and disrupt operations.”

ZeroFox security researchers located accounts associated with “demconvention[.]com” and “democrats[.]org,” as well as “those of users registered on the Democratic Party's official site.” The report also noted that specific “domains and email addresses” from the Democrats’ Washington and Idaho state offices were identified among the compromised credentials.

“The exposed data, consisting predominantly of URLs paired with login credentials or login pairs, appears to originate from botnet logs and third-party data breaches,” the report said, adding that “while this exposure does not seem to result from a targeted attack, it poses a risk of unauthorized access to sensitive systems and information within the Democratic Party and the DNC.”

The report was unclear, however, as to whether the credentials had been compromised recently or had been disclosed during a previous cyber incident. ZeroFox noted that some of the records it found “were previously observed in private threat actor-operated repositories.”

Russian hackers previously gained access to email accounts associated with the DNC and the campaign of Hillary Clinton in the run-up to the 2016 presidential election, with the illicitly acquired information ultimately being disclosed on the WikiLeaks platform. 

A representative for the Democratic National Convention Committee declined to comment on Wednesday’s report.

Although political candidates, election officials and government staffers have taken steps to shore up their cyberdefenses in recent years, foreign adversaries and other hostile groups are continuing to successfully exploit security vulnerabilities. 

The campaign of former President Donald Trump confirmed on Saturday that a high-ranking official with the campaign had been hacked by “foreign sources hostile to the United States.” Politico also reported that an individual had contacted the outlet to disclose an internal research dossier that had been compiled as part of the Trump campaign’s vetting of his eventual running mate, JD Vance.

The FBI announced earlier this week that it was investigating attempted hacks targeting the Trump campaign and the Biden-Harris campaign. Agency officials said they also believe Iran is responsible for a series of phishing attacks that targeted staffers associated with both campaigns, which took place before President Joe Biden announced that he would not be running for reelection.