Podesta unwittingly gave hackers access to his account by clicking a Bitly link that redirected him to a fake Google login page, where he entered his credentials. | Getty Russian hackers infiltrated Podesta's email, security firm says

Hillary Clinton campaign chairman John Podesta’s Gmail account was hacked by the same Russian intelligence-linked hackers that breached the DNC and the DCCC, researchers confirmed Thursday, spurring Clinton's team to immediately lash out at Donald Trump over his ongoing reluctance to blame Moscow for the spate of election-related hacks.

The GOP nominee is now President Vladimir Putin's "puppet," said Clinton's top foreign policy adviser Jake Sullivan, who added that the latest findings are proof that the Kremlin "is trying to help Donald Trump."


"It's time for Trump to tell the American people what he knew about these hacks and when he knew it," Sullivan said.

Trump has repeatedly declined to directly blame Russia for the election season hacks that have targeted political organizations and senior officials.

"She has no idea whether it's Russia, China or anyone else,” Trump said during Wednesday’s debate.

But based on new information, it now seems clear that Podesta unwittingly gave Russian hackers access to his Gmail account by clicking a Bitly link that redirected him to a fake Google login page, where he entered his credentials.

According to the cybersecurity firm SecureWorks, the fake Google domain in that link — first reported Thursday by Motherboard — matches one the hacker group Fancy Bear has employed in a wide-ranging spear-phishing campaign that has also targeted major U.S. political institutions, Clinton campaign figures and other top officials.

“The Google-spoofing domain in the Motherboard article is one we observed used by Fancy Bear,” SecureWorks researcher Tom Finney told POLITICO in an email.

Security researchers have long tied Fancy Bear to Russia's military intelligence agency, the GRU.

The Obama administration recently took the unprecedented step of blaming senior Russian officials for orchestrating the series of digital break-ins at the DNC and DCCC, but has not yet officially accused Moscow of being behind the Podesta hack.

Motherboard’s story included a redacted screenshot of the malicious Bitly link’s analytics page that showed the Podesta link redirecting to Fancy Bear’s fake Google domain. POLITICO independently reviewed the Bitly link’s analytics page and confirmed with SecureWorks that the domains matched.

Fancy Bear customized spear-phishing links for each target, encoding their email addresses within them.

In a statement, Bitly Chief Technology Officer Rob Platzer said the "links and accounts related to this situation were blocked as soon as we were informed.”

Platzer cautioned that Bitly itself was not compromised.

"This is not an exploit of Bitly, but an unfortunate exploit of internet users through social engineering,” he said.

In June, SecureWorks first described Fancy Bear’s monthslong campaign, which it said targeted staffers at the Clinton campaign and the DNC.

The same month, security firm CrowdStrike also pointed the finger at Fancy Bear for the DNC hack.

Security firms ThreatConnect and Fidelis subsequently linked Fancy Bear to the DCCC intrusion, as well.

Over time, Fancy Bear has relied on an IP address to host several fake Google domains, including the one used to target Podesta and another to go after Clinton staffer William Rinehart. Finney confirmed that SecureWorks had found another Bitly link made for Rinehart.

Thomas Rid, a security professor at King's College London, published a comprehensive overview Thursday of Russia’s recent cyberattack campaign.