On August 22nd, the Democratic National Committee issued a press release stating that a cybersecurity service provider had alerted it to a phishing page that had been stood up to target its Votebuilder website. The investigation was escalated to the FBI, and Russia was immediately suspected because of previous attack activity from 2016.
A day later, the Democratic National Committee stated that the event had been a false alarm and was actually an authorized penetration test being performed against the Michigan Democratic Party.
Although the matter drew some bad press, many cybersecurity professionals offered some praise to the DNC for gaining the capability to quickly detect and report the attack. Because of the miscommunication between the DNC and the Michigan Democratic Party, penetration tests and red team activity will likely be coordinated between the groups in the future.
Proficio Threat Intelligence Recommendations:
- Validate that any red team or penetration test activity performed is coordinated in some way with subsidiaries and business partners that might be affected.
- Employ two-factor authentication for public-facing web services that hackers might target in a phishing campaign.