Posted on July 7, 2021 at 11:52 AM
A recent report has revealed that hackers allegedly linked to the Russian government have breached the computer systems of the Republican National Committee (RNC). The report also revealed that the breach occurred during the same period in which the same group carried out a massive ransomware attack last week.
The hackers are allegedly the Cozy Bear hacking group, also called APT 29, which several security researchers have linked to the Russian foreign intelligence service.
Cozy Bear was previously connected with the hack suffered by the DNC five years ago. The group has also been linked with the massive breach at SolarWinds Corp, which affected nine U.S. government agencies.
The hackers infiltrated through a third-party
It’s not clear what the hackers accessed or stole, and the RNC has not admitted that it was breached.
“There is no indication the RNC was hacked or any RNC information was stolen,” a spokesman for the organization stated.
It’s also unclear whether the RNC attack has any link with the ransomware attacks that have exploited several vulnerabilities
But Chief of Staff Richard Walters stated that the RNC discovered that it was Synnex Corp, a third-party provider, that was breached.
He went on to say all access to the infiltrated Synnex accounts has been blocked to prevent any further breach of other accounts.
He said the organization’s security team has been working with Microsoft to carry out a review of all systems and assess the level of threats. Walters added that after the assessment, no RNC data was breached. He stated that the organization is still working with Microsoft and law enforcement to get further details about the incident.
At the time of writing, Microsoft has not provided any further details about the incident. The company stated that it isn’t allowed to provide any further details without seeking the necessary approval from customers. A company spokesperson added that it remains serious about tracking malicious activities from state-backed threat actors and will continue notifying affected customers.
The recent attack on the RNC, as well as other recent malware attacks, will not be taken lightly by President Joe Biden, who spoke vehemently about the incessant attacks on American organizations during the June 16 summit.
The attack comes after the recent spate of ransomware attacks
The threat actors are believed to have infiltrated the RNC platform via Fremont, according to a source close to the matter, who wants to remain anonymous.
Synnex, in a press release, stated that it is aware of some instances where threat actors have tried to access the Synnex platform. They try to steal customers’ data within the Microsoft cloud environment.
The RNC attack comes at a time when hackers and threat actors are having a field day launching ransomware attacks on critical organizations in the U.S.
The list of victims is a long one and includes IT software provider Kaseya, insurance provider CNA, and Colonial Pipeline.
In the recent attack on the Kaseya system, the REvil ransomware group responsible for the attack demanded $70 million in Bitcoin. The attack affected 1,000 victims and the hacking group warned that the amount must be paid before their computers can be unlocked. Kaseya provides software for managed service providers.
However, Kaseya reported that about 60 of its customers were affected by the attack, and they all use its VSA on-premises product.
Threat actors used recent ransomware attacks as a diversion
Security researchers believe that Cozy Bear may have used the recent ransomware attacks as a decoy to attack political targets.
The threat group’s main goal is to launch attacks on organizations in rival countries. While ransomware attacks are financially motivated, the majority of Cozy Bear’s attacks are politically motivated.
This is why they usually target institutions and critical organizations in their rival countries. In most cases, attacks on political targets do not end in a notable leak, unlike ransomware attacks.
President of worldwide technology solutions at Synnex, Michael Urban, stated that the company is still reviewing the situation. It is currently engaging in a complete review of third-party applications and company systems. Urban reiterated that any related IT solutions must be completed before it makes any final determinations.