They had
observed multiple phishing targets at hillaryclinton.com, dnc.org and personal gmail accounts of
campaign officials and surmised that one of these targets at DNC must have been tricked by the phishing
campaign, from which APT28 obtained access to the DNC server.