A newly discovered hack into the House Democrats' campaign arm bears similarities to the recent breach of Democratic National Committee files, sources told Fox News -- with early indications pointing once again to possible Russian involvement.
Sources said the malware used in the breach of the Democratic Congressional Campaign Committee is similar to that used in the DNC hack reported in June.
That breach led to the embarrassing leak of internal emails by WikiLeaks that appeared to show a pro-Clinton bias in the organization -- and, in turn, led to DNC Chairwoman Debbie Wasserman Schultz stepping down ahead of the convention.
Some Democrats believe Russia played a role in order to help Republican Donald Trump, a theory the GOP nominee has downplayed.
Speaking of the DNC hack at the Aspen Security Forum Thursday, Director of National Intelligence James Clapper said the intelligence community was not ready to make a call as to who’s behind the cyber intrusion, but added “there are just a few usual suspects.”
On the motivation behind the attack, Clapper added, “We don’t know enough to ascribe motivation, regardless of who it is.”
The hack of the DCCC’s web server allowed the hackers to create and redirect traffic to a fake donations page, made to look and feel authentic, sources said. From there, hackers were able to capture all data entered on the page. Sources said the objective behind the hack is not clear, though it could be to harvest data on Democratic donors and supporters.
Additionally, Fox News has obtained analysis of the DCCC hack from private sector cybersecurity firm FireEye that suggests the intrusion was carried out by a Russian-government aligned hacking group dubbed "Tsar Team (APT28)."
In its research, FireEye notes it previously confirmed that malware analyzed from the DNC hack was also consistent with "Tsar Team" -- suggesting the group was involved in both attacks.
Tsar Team has also been implicated by FireEye in numerous cyberattacks aimed at foreign targets on behalf of the Russian government in the past.
FireEye found that visitors of DCCC's website were redirected to the compromised donations page from at least June 19 to June 27 -- the firm indicates the exact duration is unknown.
FireEye's analysis notes, "The targeting of visitors attempting to donate suggests an attempt to target personnel outside the core Democratic organization."
The firm also concluded it is currently unknown if victims who were redirected to the spoof DCCC donations page had their individual systems compromised or if sensitive data was collected from them.