A cyberespionage group that is part of Russia’s intelligence services breached the computer systems of the Republican National Committee (RNC) last week, according to a Bloomberg report.
The government hackers reportedly gained access to the US political party’s systems after compromising one of its IT contractors, Synnex, last week.
In a statement to Bloomberg, the RNC denied that its systems had been hacked.
“We immediately blocked all access from Synnex accounts to our cloud environment,” the RNC said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
The Russian hackers, known as Cozy Bear, APT29 and Nobelium, have previously been identified by UK and US intelligence services as being part of the SVR, Russia’s foreign intelligence service.
Cozy Bear was behind the recent supply chain attack against IT vendor SolarWinds, which saw up to 18,000 of its customers download a malicious update planted by the hacking group. Cozy Bear was also accused of hacking the Democratic National Committee in 2016.
The Kremlin denied any Russian state involvement in the alleged RNC hack.
US-based Synnex confirmed on Tuesday that “outside actors have attempted to gain access through Synnex, to customer applications within the Microsoft cloud environment”.
“We are a long-term distribution partner for Microsoft and along with them, responded with the requisite urgency to address the recent attacks and to limit the potential activities of these bad actors,” said Dennis Polk, president and CEO of Synnex. “We will remain vigilant and focused on the security of our organisation.”
The company added that the attack “could potentially be in connection with the recent cyberattacks of managed service providers”.
The Synnex hack occurred during the same week as the ransomware attack against IT vendor Kaseya. Kaseya provides software that is used by managed service providers, which increased the exposure of companies affected by the attack from around 60 organisations to up to 1,500.
Russian-speaking cybercriminal group REvil has demanded $70m for a decryption key to unscramble all the affected organisations’ systems.
There is no evidence that the two attacks are linked, but cybersecurity experts have speculated about whether the timing was more than a coincidence.
The alleged RNC hack comes amid a barrage of cyberattacks against US organisations. Ransomware attacks have caused significant disruption to meat supplier JBS and fuel company Colonial Pipeline.
Last week, US and UK intelligence agencies said Russia’s GRU had been conducting “brute force” cyberattacks against “hundreds” of government and private sector targets around the world since mid-2019.
In June, US President Joe Biden confronted his Russian counterpart Vladimir Putin on the spree of cyberattacks.
When asked then if he could trust Putin, Biden responded: “The proof of the pudding is in the eating. We’re going to know shortly.”