The Republican Governors Association (RGA) recently reported that its computers were hacked during a broad Microsoft Exchange hacking campaign that targeted businesses worldwide in March 2021.
RGA revealed that its email environment was first accessed by threat actors between February and March 2021. At that time, it wasn’t clear whether any personal information had leaked.
However, after a thorough investigation, it became clear that the attack exposed Social Security numbers, names, and payment card information of individuals.
According to the breach letter sent by RGA on September 15, RGA has worked to secure notification, call center, and credit monitoring services. RGA will also provide two years of complimentary identity restoration and credit monitoring services. The FBI, some state regulators, and consumer reporting agencies have also been informed of the event.
This high-budget hacking campaign affected over 250,000 Microsoft Exchange servers and thousands of organizations globally. The attackers exploited four zero-days (the ProxyLogon flaws) in attacks against Microsoft Exchange servers. They also targeted various industry sectors worldwide, intending to steal sensitive information.
The operators behind the ProxyLogon attacks have also deployed various types of malware, such as cryptomining malware, web shells, and Black Kingdom ransomware payloads on compromised Exchange servers.
A Slovak internet security firm, ESET, discovered at least 10 APT groups hitting vulnerable Exchange servers after Microsoft revealed the attacks in early March. Microsoft said that some of the attacks were carried out by the Chinese state-sponsored hacker organization Hafnium.
According to a statement from the Biden administration, malicious cyber actors linked to the PRC’s MSS launched cyber-espionage activities exploiting the zero-day vulnerabilities in Microsoft Exchange Server revealed in early March 2021.