The Democratic National Committee is warning presidential campaigns that someone has been impersonating a Bernie Sanders staffer through a domain registered in a foreign country, with the intention of contacting at least two other campaigns.
The chief security officer for the DNC, Bob Lord, said in an email obtained by CyberScoop that adversaries could use the fake personas to set up phone calls or meetings with presidential campaign staffers.
“They may impersonate people in the hopes that you will download suspicious files, or click on a link to a phishing site. Sometimes they seek to set up a call or an in-person meeting with the intent to record and publish the interaction,” Lord wrote Wednesday.
It wasn’t clear if the actor or actors behind the impersonation successfully interacted with staffers at the campaigns they contacted.
“If you receive any emails from a domain that you do not recognize or think is suspicious, please forward them to [the DNC] and do not interact further with them,” Lord wrote.
The Sanders campaign said the domain was registered in Russia, according to the Associated Press, which first reported the news. That doesn’t necessarily mean the actors responsible for the scheme are Russian or are physically located in Russia, Lord said.
“[A]ny individual can register a domain name in any particular country,” Lord wrote. “Attribution is notoriously hard.”
It was unclear whether the impersonation was part of any broader effort to interfere in the U.S. electoral process. Sanders, an independent senator from Vermont, said last week that U.S. officials had told him that Russia was trying to boost his campaign as part of Moscow’s interference in the 2020 election.
The Democratic Party has ramped up security since 2016 when the DNC and the Democratic Congressional Campaign Committee suffered breaches at the hands of Russian hackers, and when John Podesta, Hillary Clinton’s campaign chair, was the victim of a Russian spearphishing hack-and-dump campaign.
The DNC and other campaign arms, including the Republican National Committee and the National Republican Congressional Committee, have been using Duo Security to help keep hackers out of party accounts, CyberScoop previously reported.
Lord warned Democratic campaigns against using alternate domains that are not official campaign domains.
“Campaigns should be using official campaign domains for all business,” Lord said, adding that campaigns and staff should “not use your personal mail account for official business.”
The DNC said it notified the “appropriate authorities” of the impersonation activity.