U.S. political action committee Lincoln Project, which was formed in 2019 to counter former President Donald Trump's re-election bid, has been impacted by a business email compromise attack in February that resulted in the exfiltration of $35,000, reports The Record, a news site by cybersecurity firm Recorded Future.
Infiltration of a third-party vendor's email account enabled threat actors to distribute legitimate-looking invoices to its various clients, including the super PAC, which already reported separate transactions of $20,000 and $15,000 made by the attackers as "fraudulent," said Lincoln Project spokesperson Greg Minchak, who added that the intrusion did not affect its operations.
"Since it was the vendor that was hacked, we are letting them and our bank’s fraud department lead any investigation," Minchak added.
Such a disclosure by the Lincoln Project comes weeks after the FBI reported that BEC attack-related losses reached $2.9 billion last year.