Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?



Attack on DNC Part of Simulated Phishing Test

UPDATED. A recent phishing attack aimed at the Democratic National Committee’s voter database was actually part of a simulation, researchers and representatives of the Democratic Party confirmed.

UPDATED. A recent phishing attack aimed at the Democratic National Committee’s voter database was actually part of a simulation, researchers and representatives of the Democratic Party confirmed.

Cybersecurity firm Lookout this week came across a custom phishing website apparently aimed at the Democratic National Committee (DNC), specifically its VoteBuilder service.

The phishing site mimicked a login page of NGP VAN, a technology provider for the Democratic Party, and was hosted by DigitalOcean.

Lookout immediately notified the DNC, NGP VAN and DigitalOcean, and the phishing page was removed within hours, before any credentials were compromised. The FBI was also informed and an investigation was launched.

However, after further analysis, the DNC now believes the fake website was actually created by a third-party as part of a “simulated phishing test on VoteBuilder.”

“The test, which mimicked several attributes of actual attacks on the Democratic party’s voter fil­e, was not authorized by the DNC, VoteBuilder nor any of our vendors,” explained Bob Lord, the DNC’s chief security officer.

“There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks,” Lord added.

Mike Murray, who leads Lookout’s intelligence team, confirmed that it was a false alarm.

Advertisement. Scroll to continue reading.

“The thing about ‘false alarms’ is that you don’t know that they’re false until you’ve showed up to investigate,” Murray said on Twitter. “All the folks who pulled together on this were amazing, and had this been a real attack, would have stopped something terrible.”

According to PCMag tech reporter Michael Kan, the phishing test was actually commissioned by the Michigan Democratic Party, but without authorization from the DNC.

SecurityWeek has reached out to the Michigan Democratic Party for comment and will update this article if the organization responds.

“I would […] not call this a TEST as the phishing attempt was being conducted on a live production system against real people,” Joseph Carson, chief security scientist at Thycotic, told SecurityWeek. “The positive side is that newer technology is helping organizations identify such threats earlier however, this did raise a major issue to attribution and the source of the hacks because as we know, many cyberattacks utilize third party vendors,”

“I would actually handle this incident as an attempted cyberattack since the DNC has confirmed it was not authorized or approved so therefore a full incident and digital forensics process should be carried out even though it was a so-called test,” Carson said.

UPDATE. The Michigan Democratic Party has confirmed for SecurityWeek that this was in fact a test conducted by its partners. MDP Chair Brandon Dillon provided the following statement:

“We have taken heightened steps to fortify our cybersecurity – especially as the Trump Administration refuses to crack down on foreign interference in our elections. In an abundance of caution, our digital partners ran tests that followed extensive training. Despite our misstep and the alarms that were set off, it’s most important that all of the security systems in place worked. Cybersecurity experts agree this kind of testing is critical to protecting an organization’s infrastructure, and we will continue to work with our partners, including the DNC, to protect our systems and our democracy.”

Related: Russian Hackers Breach US Democratic Committee Database

Related: Microsoft Disrupts Election-Related Domains Used by Russian Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...