The first hack of Dr. Hans Keirstead’s congressional campaign came in the form of a phishing e-mail. In August 2017, the California Democratic candidate reportedly received a fake Microsoft Office e-mail prompting him to enter his password. He did so, but quickly realized the e-mail had been malicious, and advised his staffers to take the appropriate precautions. But the attacks didn’t stop there. In December, hackers or bots began to enter different username and password combinations in an effort to access the campaign’s Web site—the siege lasted for two and a half months. What’s more, according to records obtained by Rolling Stone, the campaign also sustained some 130,000 “brute-force attempts” to access the server that hosted its Web site, and in January, according to its digital consultant, several attempts were made to access its Twitter account.

According to campaign e-mails, only the spear-phishing attack was successful, and Keirstead’s campaign says the hacks did not ultimately influence election results. (Keirstead came in third in California’s “top-two” primary on June 5, falling 125 votes short of the second-place finisher, Democrat Harley Rouda.) In a vacuum, the attacks would be cause for concern. But they’re particularly alarming as the number of reported incidents of election meddling climbs ahead of 2018 midterms. “It is clear from speaking with campaign professionals around the country that the sustained attacks the Keirstead for Congress campaign faced were not unique,” Keirstead campaign manager Kyle Quinn-Quesada told Rolling Stone, “but have become the new normal for political campaigns in 2018.”

Similar phishing attacks have been reported by the campaign for Democratic Senator Claire McCaskill—according to the Daily Beast, Russian operatives tried and failed to access the McCaskill campaign’s data using a variant of the password-stealing technique employed by “Fancy Bear” hackers who targeted Hillary Clinton campaign chairman John Podesta in 2016. (In that instance, hackers sent fake e-mails to targets alerting them that their Microsoft Exchange password had expired, and asking them to enter a new one.) Last month, Microsoft revealed that it had detected and blocked hacking attempts against three different congressional candidates so far in 2018; the hackers, Microsoft V.P. of security and trust Tom Burt, announced at the Aspen Security Forum, had used “a fake Microsoft domain . . . as the landing page for phishing attacks.” Separate attempts at meddling have occurred on social-media sites. A few weeks ago, Facebook announced that it had discovered new, malicious accounts on Facebook and Instagram designed to influence elections by targeting divisive social issues, similar to the effort put forth by the Russia-linked Internet Research Agency in advance of the 2016 election. The operators behind the 17 profiles and 8 Pages, which were set up between March 2017 and May 2018, appeared to be more sophisticated, disguising their identities more effectively than the I.R.A.

Despite their resemblance to the hacks on McCaskill and Podesta, it’s still unclear who perpetrated the attacks on Keirstead; experts suggest it could be any number of parties, including a hacker with an agenda, an organized-crime unit, or a nation-state. But one of Keirstead’s potential opponents in the 48th district’s general election was Rep. Dana Rohrabacher, a pro-Russia, pro-Trump politician known as “Putin’s favorite congressman.” Rohrabacher’s record of Russian sympathies is so extensive that in 2012, the F.B.I. and senior members of the House Intelligence Committee took him aside to warn him that Russia could attempt to recruit him as an asset. (“How stupid is that?” Rohrabacher asked rhetorically in a recent interview with *The New York Times.*) He’s also voted against Russian sanctions, attempted to scrub Russian anti-corruption activist Sergei Magnitsky’s name from the Global Magnitsky Act, and has something of a history of associating with key figures in Robert Mueller’s Russia investigation, including Alexander Torshin, Michael Flynn, and Julian Assange. (Rohrabacher’s campaign did not respond to Rolling Stone’s request for comment.)

Unlike in the case of the infamous 2016 D.N.C. hack, the Democratic Party appears to have reacted quickly to reports from Keirstead’s campaign, with senior D.C.C.C. officials alerting the F.B.I. If the bureau has uncovered the culprit, it hasn’t informed the campaign. But Quinn-Quesada said he’s heard from other campaign operatives who’ve had similar experiences. “The targets aren’t just high-profile statewide candidates or elected officials,” he said. “Individual congressional campaigns are being targeted on a regular basis.” The White House, too, has warned of an ongoing effort to influence U.S. elections: “The warning lights are blinking red again,” said Director of National Intelligence Dan Coats last month. “Today, the digital infrastructure that serves this country is literally under attack.” Yet the Trump administration has done painfully little to prevent these attacks. And with less than three months to go before Americans turn out to the polls en masse, they show no sign of abating.