As the Democratic National Convention (DNC) gets underway in Chicago from August 19 to 22, a Telegram-based bot service called “IntelFetch” has been harvesting compromised credentials linked to the DNC and Democratic Party websites.

The stolen data, identified and verified by ZeroFox researchers, included compromised credentials for the DNC chapters in Washington and Idaho, and other sensitive information, including credentials of party members and delegates.

The exposed data consists of email addresses and passwords, mainly of users registered on ‘demconvention.com’, ‘democrats.org’ and related domains.

The report noted that while the breach did not appear to result from a targeted attack, it poses a “significant risk of unauthorized access” to sensitive systems within the Democratic Party and the DNC. Such access could allow malicious actors to infiltrate protected systems, gain access to confidential information, and potentially disrupt party operations, compromising the security and integrity of the DNC and other critical activities.

There is, of course, a history of state-sponsored threats targeting the DNC and other US political targets; in 2016, there was the Russian advanced persistent threat known as APT28 or Fancy Bear hacked the DNC websiteas well as Hillary Clinton’s campaign and the Democratic Congressional Campaign Committee.

Using lower level victims to target those at the top

Lewis Shields, Director of Dark Ops at ZeroFox, says that anyone attending the convention should be viewed by both DNC organizers and the individuals themselves as a potential and attractive target for cyber threat actors.

“Threat actors can target participants directly and use their access to move on to higher value targets,” he tells Dark Reading. “The recent reported hacks against political targets indicates that even those loosely involved in policymaking can be used to target those with more influence.”

Shields explains that the details of the alleged hack on the Trump campaign that came to light yesterday, the subsequent revelation that the Biden-Harris campaign was also targeted, and ZeroFox’s own research all indicate that cybercriminals are using the tactic to work their way up to the top.

For example, an FBI source told NBC News that the agency was investigating attempted hacks of three Biden-Harris campaign staffers and former Trump adviser Roger Stone.

Overall, he said, “it is almost certain that this election will be a target for foreign cyber threat actors given the many geopolitical disputes and the relative obscurity of the candidates on foreign policy.”

Foreign governments are therefore likely to want to obtain as much information as possible about potential policy decisions.

“Threat actors who cannot send diplomats to meet with candidates are more likely to attempt to obtain the information through cyberespionage campaigns or other malicious activities,” Shields said.

Cybersecurity threats target elections worldwide

Election security is seen as a critical issue as 2024 is a pivotal year for global democracy, with a record number of national elections taking place worldwide — although cyber attacks on election campaigns go back decades.

Chains of attacks on the kitchen sink — complex, multi-faceted strategies that use multiple attack methods and techniques to compromise a target — have emerged as one of the most serious modern threats.

FBI Director Christopher Wray warned in January of “chaos” during this year’s election, identifying China as the biggest threat. most formidable threat actorwhile it is likely that other malicious nation-state actors will launch campaigns and possibly focuses on the election infrastructure itself.

In addition to direct attacks, governments are also battling disinformation spread during election season, and the rise of deepfake images and video clips produced by generative AI (GenAI) is raising concerns among cybersecurity professionals. deepfake robocall impersonating President Biden has already happened.

To combat this rapidly evolving threat, local governments are encouraged to communicate transparently with residents through regular updates, public meetings and community collaboration to build and maintain trust.

Shields notes that cybersecurity has become an important aspect of national security strategies and policies, especially given the current geopolitical context where foreign policy and armed warfare go hand in hand with cyber campaigns.

From his perspective, any policy discussions on continued support for Ukraine, limiting China’s access to advanced technologies, and US policy in the Middle East must include cybersecurity measures at the design and concept stage.

“The days when cybersecurity issues were considered a side issue and only discussed by cybersecurity experts are over,” he explains.