A yet-unidentified foreign entity hacked the campaign committee for House Republicans earlier this year, and no one notified either leadership or rank-and-file members.
The email accounts of four senior aides at the National Republican Congressional Committee were surveilled for several months, the party officials said. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated, and the FBI was alerted to the attack, said the officials, who requested anonymity to discuss the incident.
However, senior House Republicans — including Speaker Paul Ryan of Wisconsin, Majority Leader Kevin McCarthy of California and Majority Whip Steve Scalise of Louisiana — were not informed of the hack until Politico contacted the NRCC on Monday with questions about the episode. Rank-and-file House Republicans were not told, either.
Committee officials said they decided to withhold the information because they were intent on conducting their own investigation and feared that revealing the hack would compromise efforts to find the culprit.
The hack of the organization, the National Republican Congressional Committee, exposed thousands of emails from four senior aides for months, and perhaps longer. The hack was terminated when the staff members, alerted to the intrusion, changed their passwords. The committee called in the F.B.I. to investigate.
But the committee waited eight months — until after Republicans lost 40 seats and control of the House of Representatives in the midterm elections — to disclose publicly what had happened. It remains unclear who was behind the hack.
None of the emails appear to have been published. That could suggest that the hackers were just testing to see if they could break into the committee, or that they found the trove of stolen material insufficiently interesting.
This was not the first time the Republicans had been a target. In 2016, Russian hackers broke into the servers of an outside vendor who appeared to have largely outdated documents from past presidential campaigns, James B. Comey, then the director of the F.B.I., told Congress in January 2017.
... [T]he techniques used by the hacker or hackers suggested that the breach was carried out by “a sophisticated actor.” The chief evidence was the lengths to which the hacker or hackers went to cover their tracks, another person familiar with the investigation said. “It was not a very broad or big hack,” that person added, “but it was skillful.”
That alone would suggest that the hackers might be state sponsored, or at least experienced. But often it is difficult to tell whom hackers are working for, and state-sponsored hackers often go to considerable lengths to hide that information.