State Hackers Broke Into the Republican Governors Association's Email Server

The Republican Governors Association (RGA) recently reported that its computers were hacked during a broad Microsoft Exchange hacking campaign that targeted businesses worldwide in March 2021.

RGA revealed that threat actors first accessed its email environment between February and March 2021. At that time, it wasn’t clear whether any personal information had leaked.

However, after a thorough investigation, it became clear that the attack exposed Social Security numbers, names, and payment card information of individuals.

According to the breach letter RGA sent on September 15, RGA has worked to secure notification, call center, and credit monitoring services. RGA will also provide two years of complimentary identity restoration and credit monitoring services. The FBI, some state regulators, and consumer reporting agencies have also been informed of the event.

This high-budget hacking campaign affected over 250,000 Microsoft Exchange servers and thousands of organizations globally. The attackers exploited four zero-days (the ProxyLogon flaws) in attacks against Microsoft Exchange servers. They also targeted various industry sectors worldwide, intending to steal sensitive information.

The operators behind the ProxyLogon attacks have also deployed various types of malware, such as cryptomining malware, web shells, and Black Kingdom ransomware payloads on compromised Exchange servers.

ESET, a Slovak internet security firm, discovered at least 10 APT groups hitting vulnerable Exchange servers after Microsoft revealed the attacks in early March. Microsoft said that some of the attacks were carried out by the Chinese state-sponsored hacker organization Hafnium.

According to a statement from the Biden administration, malicious cyber actors linked to the PRC’s Ministry of State Security (MSS) launched cyber-espionage activities exploiting the zero-day vulnerabilities in Microsoft Exchange Server revealed in early March 2021.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.