WASHINGTON/NEW YORK--Email accounts for a campaign group supporting Republicans candidates running for the U.S. House of Representatives were hacked before this year's congressional elections, according to a person familiar with the investigation.
Hackers used National Republican Congressional Committee credentials to access a "small number" of email accounts at the organization, which is also known as the NRCC, said the person, who was not authorized to discuss details of the attack.
NRCC spokesman Ian Prior confirmed the group was the victim of a cyberattack by an unknown party, but disputed that stolen passwords were used. "Upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter," Prior said.
The NRCC changed the passwords at its web-based email provider and took steps to prevent similar attacks, said the person, who did not name the email provider.
The hackers used techniques that make them difficult to identify and officials have yet to determine whether they were aligned with a foreign government, said a second person familiar with the case. Cybersecurity firm CrowdStrike said in a statement that the NRCC asked it in April to investigate "unauthorized access" to the group's emails.
The NRCC had previously hired CrowdStrike to protect the NRCC’s internal corporate network, which was not compromised in the incident, the company said. The news was first reported by Politico, which said the NRCC learned about the attack from a vendor who alerted the committee and its cybersecurity contractor.
