Citing a report from SecureWorks, BuzzFeed is reporting that Russian hackers “used emails disguised to look as Gmail security updates to hack into the computers of the Democratic National Committee and members of Hillary Clinton’s top campaign staff”:
The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton’s campaign and 20 people clicked on them, at least four people clicking more than once, Secureworks’ research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.
Researchers found the emails by tracing the malicious URLs set up by [state-sponsored hacking group] Fancy Bear using Bitly, a link shortening service… “We were monitoring bit.ly and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the the URLs set up by Fancy Bear.
The URL apparently resolved to accounts-google.com (rather than accounts.google.com), and Burdette says “They did a great job with capturing the look and feel of Google.”
Read more of this story at Slashdot.