The US Republican National Committee is co-operating with law enforcement officials after it emerged that one of its contractors had been hacked, but said that its own data had not been accessed.
Richard Walters, RNC chief of staff, said that the political committee had been informed over the weekend “that Synnex, a third-party provider, had been breached”. He added: “We immediately blocked all access from Synnex accounts to our cloud environment.”
A Russian state-backed cyber espionage group known as Cozy Bear is suspected of hacking Synnex, according to one person briefed on the matter. Also known as APT29, the group has been linked to the hacking and theft of emails from the Democratic National Committee ahead of the 2016 US election.
It was also suspected of involvement in a cyber espionage campaign uncovered last year targeting US software company SolarWinds, in which the email systems of federal agencies and corporations were breached.
Walters denied a report claiming that the RNC had also been successfully hacked by the Russian group. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed,” he said. “We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
Synnex said that it was “conducting a thorough review of a few instances in which outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment”, but it was unable to provide further details.
The RNC contractor was breached as the Biden administration faces pressure to stop a string of cyber attacks against US businesses and critical infrastructure in recent weeks.
When President Joe Biden met Russian president Vladimir Putin in Geneva last month, he demanded a halt to the attacks from within Russia from both state-backed hackers and criminal ransomware groups. But the attacks have continued.
Over the weekend, the Russian-speaking criminal hacking cartel REvil — which is also believed to operate out of Russia — went on a global ransomware spree, hitting as many as 1,500 companies and forcing Sweden’s Coop grocery chain to close hundreds of stores.
At a briefing on Tuesday, even before the RNC disclosed the attack on its contractor, Jen Psaki, White House press secretary, said Biden administration officials were engaged with Russian officials on cyber matters. She said that “expert-level talks . . . are continuing and we expect to have another meeting next week focused on ransomware attacks”.
Psaki added: “As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own.”
Biden is expected on Wednesday to meet top officials from the state department, the homeland security department, the justice department and US intelligence officials regarding the cyber attacks.
Cybersecurity group FireEye said that Russian government-backed hackers were “active right now with intrusions”, suggesting that they were benefiting from security companies being focused on criminal ransomware activities.
Microsoft would not comment on the Synnex or RNC breach, but said: “We continue to track malicious activity from nation-state threat actors — as we do routinely — and notify impacted customers through our nation-state notification process.”