In two influential articles in June 2016, immediately following the Crowdstrike announcement, SecureWorks (June 16 here and June 26 here) purported to connect the DNC hack to a 2015-6 phishing campaign which they attributed to APT28.
Not exact matches
After a good spam campaign, with a mix of pharmaceutical messages for a client, paid for in batches of a million and sent to a cheap, inferior list of addresses — and phishing messages for your personal profit, sent to a more precise, targeted list — you can come back to the market with more data to sell, and more money with which to buy work and data from the others.
They had observed multiple phishing targets at hillaryclinton.com, dnc.org and personal gmail accounts of campaign officials and surmised that one of these targets at DNC must have been tricked by the phishing campaign, from which APT28 obtained access to the DNC server.
Phishing campaigns, which try to get recipients to click on dangerous links, can be almost indistinguishable from legitimate messages from PayPal or your local bank.
It appears a new Bittrex phishing site is making inroads these days, which tries to attract users through a phishing email campaign.