The cyberattacks on the Clinton Campaign, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) started, as many do, with a spear phishing attack.

According a July 2018 indictment of 12 Russian military intelligence officials, in March 2016, a member of the Russian military spoofed an email to look like a security notification from Google, then sent it to the Clinton campaign manager “instructing the user to change his password by clicking the embedded link. Those instructions were followed.”

The indictment states that in the ensuing months, the Russian team deployed dozens more spear phishing attacks and successfully exploited the DNC's and DCCC's network vulnerabilities. The group was soon able to monitor computer activity of various political operatives and surreptitiously exflitrate data out of all three organizations. And even when the Russian team's infiltration was discovered, their stranglehold did not let up.