Russia's ‘Cozy Bear’ Breached Republican National Committee In a Supply-chain Attack

Russian state-backed hackers were able to access the Republican National Committee’s servers last week, around the time of the massive ransomware attack that hit the US company Kaseya, Bloomberg reported today.

It’s not clear if the attack on the RNC was connected to the recent ransomware attacks.

But according to Bloomberg’s sources, two people familiar with the matter who asked to remain anonymous as they weren’t authorized to discuss the matter, the hackers were part of a group known as APT 29 or Cozy Bear. The group was previously tied to Russia’s Foreign Intelligence Service. It was also behind a wide-impact supply-chain attack on SolarWinds Corp., disclosed in December, which compromised nine U.S. government agencies and hundreds of private companies.

The RNC has repeatedly denied that it was hacked, and hasn’t confirmed whether hackers stole anything. “There is no indication the RNC was hacked or any RNC information was stolen,” spokesman Mike Reed said.

But over the weekend, the RNC learned that its third-party vendor, Synnex Corp., was hacked, according to a statement from Richard Walters, the organization’s chief of staff.

“We immediately blocked all access from Synnex accounts to our cloud environment,” he said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter.”

Microsoft reportedly declined to provide additional details to Bloomberg. “We can’t talk about the specifics of any particular case without customer permission,” a company spokesperson said.

Synnex, meanwhile, confirmed it has detected instances where unauthorized individuals tried to gain access through Synnex to Microsoft’s cloud environment.

“As our review continues, we are unable to provide any specific details,” said Michael Urban, president of worldwide technology solutions distribution at Synnex, in a statement to Bloomberg News.

Kremlin spokesman Dmitry Peskov on Thursday denied that Russia was involved in the RNC attack. “We can only repeat that whatever happened, and we don’t know specifically what took place here, this had no connection to official Moscow,” he said in a somewhat malformed statement during a conference call.

The attack on the Republican National Committee will be seen as a major provocation to US President Joe Biden if Russia’s involvement is confirmed.

Russia and the US have held talks about cybersecurity recently, which largely led to nothing.

Biden will meet with various agency leaders on Wednesday to discuss the threat of ransomware and how to combat it.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.