GOP Hit By Ransomware Attack

(FiveNation.com)- On July 6 it was reported by Bloomberg News that the Republican National Committee’s computer system had been breached in a ransomware attack around the same time a Russian-linked criminal organization REvil launched a massive ransomware attack affecting at least 200 American companies.

According to Bloomberg, the cyberattack at the RNC was the work of Russian hackers who go by Cozy Bear which has been tied to Russia’s foreign intelligence branch.

However, according to the Republican National Committee, the hackers had targeted a third-party provider and none of the RNC’s data was accessed in the breach.

In a statement released July 6, the RNC’s communications director Danielle Alvarez said the RNC was notified by Microsoft that its systems may have breached, but no data was accessed.

The initial news reports that the breach was a ransomware attack by Cozy Bear were based on “two people familiar with the matter” but provided no other details on these sources and how they concluded that the group Cozy Bear carried out the attack.

In a Twitter thread, Danielle Alvarez pushed back against the Bloomberg News report and asserted that the story was not true. Bloomberg reporter William Turton updated his report to include that the RNC “continues to deny the story.” In response, Alvarez suggested that perhaps Turton should have reached out to the RNC for comment before reporting that it fell victim to a ransomware attack.

After the article appeared at Bloomberg, RNC Chief of Staff Richard Walters said they had learned that a third-party provider, Synnex Corp, was breached. The RNC immediately blocked all access from Synnex accounts to its cloud environment. The RNC also worked with Microsoft to conduct a systems review, Walters said. And after thoroughly investigating, found that no RNC data was accessed.

In a statement in response to the incident, Microsoft declined to provide additional details without customer permission. However Microsoft added that they “continue to track malicious activity from nation-state threat actors” and notify any impacted customers.

Despite President Biden’s discussions with President Vladimir Putin during their Geneva summit, cyberattacks against government and private sector targets continue apace worldwide.

After the massive ransomware attack before the July 4 weekend, US and UK intelligence agencies both released statements that Russian military hackers appear to be behind the attacks.