The DNC's complaint is part of an ongoing lawsuit against Russia, WikiLeaks, Donald Trump's presidential campaign and other key individuals. | Saul Loeb/AFP/Getty Images Cybersecurity DNC says it was target of Russia cyberattack after 2018 midterms

The Democratic National Committee filed a legal complaint Thursday night alleging that it was the target of a cyberattack by Russia one week after the 2018 midterm elections.

"In November 2018, dozens of DNC email addresses were targeted in a spear-phishing campaign, although there is no evidence that the attack was successful," the DNC alleged, according to court documents filed to the District Court of the Southern District of New York. "The content of these emails and their timestamps were consistent with a spear-phishing campaign that leading cybersecurity experts have tied to Russian intelligence."


The complaint is part of an ongoing lawsuit against Russia, WikiLeaks, Donald Trump's presidential campaign and other key individuals.

According to the complaint, the timing as well as the content of the spearphishing emails match the practices of Russian hacking group Cozy Bear, one of two Kremlin-tied groups that hacked the DNC in 2016, according to the complaint. Spear-phishing is a cyberattack tactic in which hackers send emails that appear to come from a trusted sender to try to get the targeted individuals to reveal confidential information.

"Therefore, it is probable that Russian intelligence again attempted to unlawfully infiltrate DNC computers in November 2018," the DNC said in its filing.

The malicious emails targeted a wide range of party officials, from junior staff to some of the party's most senior ranks including people at the "director" level, according to a Democratic official who requested anonymity to discuss a security incident. DNC directors oversee portfolios such as grassroots mobilization, data science, African-American media outreach and state operations.

The emails were almost identical to the ones attributed to Cozy Bear sent to a wide range of targets last year, the Democratic official told POLITICO. In a report on those attacks, the security firm FireEye said that it discovered them on Nov. 14, the same day that the DNC said it received the new emails.

Attached to the emails was the same fake State Department internship application form shown in FireEye's report, the Democratic official said. Other aspects of the emails, including the description of the attachment, also matched the campaign detailed by FireEye.

Morning Cybersecurity A daily briefing on politics and cybersecurity — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Once the DNC learned about the messages, it looked for evidence of the infected email attachments dropping malware on party computers and found nothing. It then worked with security consultants to verify its internal assessment. The Democratic official told POLITICO that the party was confident that no one opened the attachments and unleashed the malware.

The DNC has not said how or when it discovered the new spearphishing messages, but the Democratic official said the committee had formal and informal partnerships with a variety of security firms and tech companies. A third party may have alerted the DNC to the emails, possibly after receiving some itself.

The DNC has not received any more Russian spearphishing emails since the mid-November campaign, according to the Democratic official.

In the complaint, the DNC also suggested that the president's denial of Russia's interference in the 2016 election, his continued criticism of special counsel Robert Mueller's Russia probe and some of his policies that the committee characterized as favoring Russia, are part of the alleged collusion between Trump's presidential campaign and the Russian government.