Story highlights Clinton campaign staffers believed attempted hack email was "legitimate"

Cybersecurity experts see direct link to Russian cyberespionage group

(CNN) A phishing email sent to Hillary Clinton campaign chairman John Podesta may have been so sophisticated that it fooled the campaign's own IT staffers, who at one point advised him it was a legitimate warning to change his password.

The stolen email thread, released by WikiLeaks Friday, also provides the most direct evidence yet that the Russian government was behind the damaging hack into the Clinton campaign, according to a private cybersecurity company.

The thread shows a Clinton campaign staffer writing that a phishing email sent to Podesta's Gmail account on March 19, 2016, is "legitimate," though the staffer advises him to go through Google's official procedures to update his password. It's not clear if Podesta gave hackers his password before he was advised by his staff, or if the email in question was the one that led to the hack.

The Clinton campaign has not commented directly on the hacked emails and CNN cannot independently verify their authenticity.

On its face, the source of the potentially dangerous email is Google, but a closer look at the actual mailing address shows an unfamiliar or bogus-looking account: "no-reply@accounts.googlemail.com."

Read More