In an incident likely to raise concerns among party donors about their personal information, Reuters first reported on Thursday that the Federal Bureau of Investigation is probing the hack at the Democratic Congressional Campaign Committee, or DCCC.
The committee said it has hired cybersecurity firm CrowdStrike to investigate. “We have taken and are continuing to take steps to enhance the security of our network,” the committee said in a statement. “We are cooperating with federal law enforcement with respect to their ongoing investigation.”
The DCCC hack may be related to an earlier hack against the Democratic National Committee, which raises money and sets strategy for Democratic candidates nationwide. The DNC and DCCC occupy the same office building in Washington.
Potential links to Russian hackers in both incidents are likely to heighten Democratic accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump.
The Kremlin denied involvement in the DNC cyberattack.
The DCCC breach may have been intended to gather information on donors, rather than steal money, sources said on Thursday.
The hack may have begun in June, when a bogus website was registered with a name resembling a DCCC donation site. For some time, donation-related internet traffic that was supposed to go to a donation-processing firm instead went to the bogus site, said the cyber sources who asked not to be identified.
The sources said the numerical internet address of the spurious site resembled one used by a Russian government-linked hacking group, one of two suspected in the DNC breach.
Cyber experts and U.S. officials said on Monday that there was evidence that Russia engineered the DNC hack to release sensitive party emails and influence U.S. politics.
The DNC hack raised concerns among Democrats at the party’s convention in Philadelphia, where Hillary Clinton was nominated as the party’s candidate in the Nov. 8 presidential election.
The new hack at the DCCC could add pressure on the Obama administration to make a public accusation or retaliate. The Justice Department and other agencies have said it is important for deterrence to “name and shame” cyber adversaries.
“Any efforts on a nation state’s part to interfere with U.S. politics through cyber attacks would appear to cross a line that would demand a response from the U.S. government,” said D.J. Rosenthal, a former Justice Department and National Security Council official.
A former White House official, speaking on condition of anonymity, said any formal accusation would require overwhelmingly certain evidence.
Staffers for the Republican National Committee and the Democratic Senatorial Campaign Committee said separately that those campaign organizing groups had not been hacked.