According to two people familiar with the situation, Russian government hackers broke into the Republican National Committee’s computer systems last week, at the same time a Russia-linked criminal group launched a huge ransomware attack. According to the sources, the government hackers were members of a group known as APT 29 or Cozy Bear.
That organization has previously been linked to Russia’s foreign intelligence service and has been suspected of hacking the Democratic National Committee in 2016 and of carrying out a supply-chain cyberattack involving SolarWinds Corp., which infiltrated nine US federal organizations and was revealed in December. It is unclear what data the hackers accessed or took, if any. The RNC has repeatedly denied being hacked. “There is no indication the RNC was hacked or any RNC information was stolen,” spokesman Mike Reed said.
Chief of Staff Richard Walters claimed in a statement released after this story was posted that the RNC learned over the weekend that a third-party provider, Synnex Corp., had been breached. “We immediately blocked all access from Synnex accounts to our cloud environment,” he said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter.”
In a statement, Microsoft declined to disclose any additional information. A company spokeswoman responded, “We can’t talk about the specifics of any particular case without customer permission. We continue to track malicious activity from nation-state threat actors — as we do routinely — and notify impacted customers.” Dmitry Peskov, a spokesman for the Kremlin, denied that the Russian government was involved. “We can only repeat that whatever happened, and we don’t know specifically what took place here, this had no connection to official Moscow,” he said on a conference call.
The RNC attack, combined with the recent ransomware incident, is a big provocation to President Joe Biden, who warned Russian President Vladimir Putin about cyberattacks at a summit on June 16. As agreed at the meeting, the two countries have been holding “some contacts” about cybersecurity, according to Peskov, who declined to disclose specifics or comment on whether the recent incident was discussed.
It is unclear whether the RNC hack is linked to the ransomware strikes, which used a number of previously discovered flaws in software from Miami-based Kaseya Ltd.