Russian state hackers affiliated with the group Cozy Bear were reportedly behind an attack last week on Synnex, a contractor that provides IT services for the Republican National Committee (RNC), Bloomberg writes. The attack may have exposed the organization’s information.
When asked by Bloomberg, a spokesperson for the RNC denied the organization’s systems had been hacked, but confirmed that one of its IT providers, Synnex, had been exposed. The RNC provided the following statement in reference to the attack:
“Over the weekend, we were informed that Synnex, a third party provider, had been breached. We immediately blocked all access from Synnex accounts to our cloud environment. Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
In a statement released on July 6th, Synnex further confirmed “it is aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment.” The company claims it is reviewing the attack alongside Microsoft and a third-party security firm. Manipulating enterprise software that interacts with Microsoft’s cloud, rather than going after Azure or Office products directly, shares some similarities with the SolarWinds hack in 2020.
And that connection would make sense: members of Cozy Bear working with the SVR, Russia’s foreign intelligence service, are widely suspected to be behind the manipulation of the SolarWinds software for illegal ends. The SolarWinds breach potentially exposed information from over a hundred companies and government organizations, and even compromised the tools of cybersecurity companies, like FireEye, that are designed to prevent these kinds of attacks.
There are also parallels to draw between a breach of the RNC and the hack of the Democratic National Committee and Hillary Clinton’s presidential campaign in 2016. That breach, and the leak of thousands of emails on WikiLeaks, ultimately led to the indictment of 12 members of the GRU, a Russian military intelligence agency with connections to another group of ursine-inspired Russian hackers called Fancy Bear.
The RNC attack arrives among a flurry of ransomware attacks on critical infrastructure and companies in the US. The list is long, but in the last year, Colonial Pipeline, insurance provider CNA, and more recently, IT software provider Kaseya, have all been the victims of ransomware attacks. Bloomberg suggests Cozy Bear’s attack could have used these ransomware hacks as a kind of cover, and even if they didn’t, attacking political targets is an ongoing problem that doesn’t always end in a dramatic leak.