Republican National Committee Hit By Suspected Russian-Backed Hackers

Posted on July 7, 2021 at 11:52 AM

A recent report has revealed that hackers reportedly linked to the Russian government have breached the computer systems of the Republican National Committee (RNC). The report also revealed that the breach occurred during the same period the same group carried out a massive ransomware attack last week.

The hackers are allegedly the Cozy Bear hacking group, also known as APT 29, which several security researchers have linked to the Russian foreign intelligence service.

Cozy Bear was previously connected with the hack suffered by the DNC five years ago. The group has also been linked with the massive breach at SolarWinds Corp, which affected nine U.S. government agencies.

The hackers infiltrated through a third-party

It’s not clear what the hackers accessed or stole, and the RNC has not admitted that it was breached.

“There is no indication the RNC was hacked or any RNC information was stolen,” a spokesman for the organization stated.

It’s also unclear whether the RNC attack has any link with the ransomware attacks that have exploited several vulnerabilities

But Chief of Staff Richard Walters stated that the RNC discovered that it was Synnex Corp, a third-party provider, that was breached.

He went on to say that all access to the infiltrated Synnex accounts has been blocked to prevent any further breach of other accounts.

He said the organization’s security team has been working with Microsoft to carry out a review of all systems and assess the level of threats. Walters added that, after the assessment, no RNC data was found to have been breached. He stated that the organization is still working with Microsoft and law enforcement to get further details about the incident.

At the time of writing, Microsoft has not provided any further details about the incident. The company stated that it isn’t allowed to provide further details without the necessary approval from customers. A company spokesperson added that Microsoft remains serious about tracking malicious activity from state-backed threat actors and will continue notifying affected customers.

The attack on the RNC, along with other recent malware attacks, will not be taken lightly by President Joe Biden, who spoke vehemently about the incessant attacks on American organizations during the June 16 summit.

The attack comes after the recent spate of ransomware attacks

The threat actors are believed to have infiltrated the RNC platform via Fremont, according to a close source who wants to remain anonymous.

Synnex, in a press release, stated that it is aware of some instances where threat actors have tried to access the Synnex platform to steal customers’ data within the Microsoft cloud environment.

The RNC attack comes at a time when hackers and threat actors are having a field day launching ransomware attacks on critical organizations in the U.S.

The list of victims is a long one and includes IT software provider Kaseya, insurance provider CNA, and Colonial Pipeline.

In the recent attack on the Kaseya system, the REvil ransomware group responsible for the attack demanded $70 million in Bitcoin. The attack affected 1,000 victims and the hacking group warned that the amount must be paid before their computers can be unlocked. Kaseya provides software for managed service providers.

However, Kaseya reported that about 60 of its customers were affected by the attack, and they all use its VSA on-premises product.

Threat actors used recent ransomware attacks as a diversion

Security researchers believe that Cozy Bear may have used the recent ransomware attacks as a decoy to attack political targets.

The threat group’s main goal is to launch attacks on organizations in rival countries. While ransomware attacks are carried out for financial gain, the majority of Cozy Bear’s attacks are politically motivated.

This is why they usually target institutions and critical organizations in their rival countries. In most cases, attacks on political targets do not end in a notable leak, unlike ransomware attacks.

President of worldwide technology solutions at Synnex, Michael Urban, stated that the company is still reviewing the situation. It is currently engaging in a complete review of third-party applications and company systems. Urban reiterated that any related IT solutions must be completed before it makes any final determinations.

Publisher Name
Koddos