[BreachExchange] Russian hackers breached a GOP contractor

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Jul 7 10:24:23 EDT 2021


https://news.yahoo.com/russian-hackers-breached-gop-contractor-114508868.html

A state-sponsored Russian hacking group infiltrated the computer systems of
a Republican National Committee (RNC) contractor over the weekend.
Bloomberg originally revealed that the RNC suffered a breach at the hands
of prolific hackers APT29, aka Cozy Bear, who are believed to be behind a
spate of high-profile cyberattacks on the US and its allies.

However, GOP officials were quick to refute that report, interjecting that
the actual victim was a third-party IT services provider known as Synnex.
The hack was orchestrated amid the backdrop of a larger supply chain
cyberattack and increasing hostilities between the US and Russia over
cyber-espionage campaigns.

In a statement, chief of staff Richard Walters said the RNC learned of the
attack over the weekend and "immediately blocked all access from Synnex
accounts to our cloud environment." After conducting a review of its
systems with Microsoft, Walters said no RNC data had been accessed.
Spokesman Mike Reed also told Bloomberg that “there is no indication the
RNC was hacked or any RNC information was stolen.” Officials are currently
working with law enforcement on the matter, Walters added.

With the focus on its services, GOP contractor Synnex also addressed the
incident. The company confirmed it was aware of "a few instances where
outside actors have attempted to gain access" to its customers "through the
Microsoft cloud environment."

Cyberattacks are on the rise as criminal and government-backed hackers take
advantage of the disruption to working patterns caused by the pandemic to
extort and cause havoc. Just days ago, over 200 managed service providers
were compromised after hackers breached the systems of management software
giant Kaseya. Before that, leading US fuel supplier Colonial was forced to
shut down one of its main pipelines after it suffered a ransomware attack.

To protect government networks, President Biden signed an executive order
in May aimed at bolstering cybersecurity through improved info sharing
between agencies, increased scrutiny of third-party software and an
education program for the public. In addition, Biden called for the
establishment of a formal set of rules for responding to a breach that
would be reviewed by the head of CISA. Biden's retaliation against Russia,
meanwhile, has included sanctions on dozens of entities and officials.

The Russian government-backed group believed to have perpetrated the Synnex
breach is among the most notorious in the world. APT29 was accused of
breaching the Democratic National Committee in 2016 and of carrying out
the wide-scale SolarWinds cyberattack last December, which impacted nine US
government agencies. It was also accused of brazenly attempting to steal
COVID-19 vaccine research last July.