The AP drew on data gathered by Certfa, a cybersecurity group, to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials.   

The hit list surfaced after Charming Kitten mistakenly left one of its servers open to the internet. Researchers at Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers that they handed to the AP for further analysis.