Republican National Committee says its data is safe after Russian hack
The hack occurred at around the same time as the ransomware attack on Kaseya
The Republican National Committee (RNC) has denied reports that hackers with links to the Russian government were able to access its data in a breach of a third-party provider last week.
Richard Walters, the RNC's chief of staff, said that while threat actors did manage to hack RNC contractor Synnex, a Microsoft investigation found that they didn't access any RNC data.
"Over the weekend, we were informed that Synnex, a third party provider, had been breached. We immediately blocked all access from Synnex accounts to our cloud environment," Walters said.
"Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed."
Walters added that the RNC will continue to work with federal law enforcement officials and Microsoft to investigate the incident.
On Tuesday, Bloomberg reported that members of APT 29, aka Cozy Bear, had compromised the RNC's systems at roughly the same time as the major ransomware attack on Florida-based Kaseya. The attack affected a large number of SMEs worldwide. Although Synnex is not a Kaseya customer, it may still have been affected by the supply chain attack.
RNC spokesman Mike Reed told Bloomberg there was no evidence to suggest that any RNC data was stolen.
Microsoft also declined to provide details about the incident, saying it could not discuss the specifics without customer permission.
In its press release, Synnex said that it was aware of a few instances where threat actors tried to gain access, through Synnex, to customer applications within the Microsoft cloud environment.
It claimed that its 'internal and external environments remained online throughout the period of attack'.
The incidents 'could potentially be in connection with the recent cybersecurity attacks of Managed Service Providers,' the company noted.
John Hultquist, VP of Analysis, Mandiant Threat Intelligence, commented: "Political parties are incubators for public policy, making them ideal targets for espionage actors trying to collect political, military, and economic intelligence."
"Though these organisations have been famously involved in aggressive hack and leak campaigns, more often than not, Russian hackers and others target them to quietly gather intelligence. While GRU actors made a big splash with the data they'd taken from the DNC in 2016 they were not alone. APT29 had also infiltrated that network in an operation that is more typical of cyber espionage."
APT 29, also known as Cozy Bear, is believed to have links to Russia's foreign intelligence service. It is said to be behind the 2016 hack of the Democratic National Committee and last year's supply chain attack targeting SolarWinds Corp.
The Synnex breach comes less than a month after a summit between Joe Biden and Vladimir Putin, where the US President asked his Russian counterpart to stop giving safe haven to ransomware groups launching attacks on American enterprises.
It is unclear if the Synnex breach is in any way linked to last week's Kaseya attack. Hackers compromised the firm's remote monitoring and management tool, VSA, to encrypt the IT systems of thousands of businesses worldwide. Many of Kaseya's customers are managed service providers, and the hack spread to their own customers.
Russian-speaking ransomware gang REvil has claimed responsibility for the Kaseya attack.