A top Republican Party campaign committee has confirmed it fell victim to a cyber attack during the 2018 election campaign.
The attack on the National Republican Congressional Committee (NRCC), the campaign arm for Republicans in the House of Representatives, left the email accounts of high ranking members compromised for several months before the hack was detected. The FBI were informed days later and launched an investigation into the source of the cyber attack, the NRCC said.
The email accounts of four "senior staffers" were breached and involved "multiple intrusions over a few months" before the attack was discovered in April, an official connected to the investigation told the Telegraph.
The attack, first reported by the website Politico, was deemed so sensitive that senior Republicans, including the House Speaker Paul Ryan, were not told of the breach until reporters began inquiring about it on Monday.
The committee took on the services of prominent Washington legal firms as well as the public strategy firm Mercury to handle the incident.
A spokesman for the committee confirmed the hack on Tuesday. “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” the spokesman said.
“The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter."
He added that the NRCC would not be commenting further "to protect the integrity of that investigation".
It is unclear who was behind the attack, but party officials reportedly believe it to be the work of a foreign agent.
The committee did not publicise the breach out of fear it would compromise their investigation, officials said.
The hacker was “sophisticated” and thee method of the attack “was clearly designed to hide the tracks of who it was,” one official told the Washington Post.
The NRCC had already retained the services of cybersecurity firm CrowdStrike and another managed security services provider (MSSP) when the hack occurred.
The hack was first discovered by the MSSP, which had been hired to monitor the network for breaches, and it informed NRCC officials.
The cyber hack bears similarities to a breach at the Democratic National Committee in 2016, in which Russian hackers stole emails of senior figures in the party.
However in that case the Russian agents gave the emails to the website WikiLeaks which published them ahead of the party’s July convention. The US government later charged six Russians officials over the hack.
In this incident, there is no evidence that the NRCC’s emails were released to the public.