Wednesday, July 7, 2021

Hack The Planet, Con't

So it turns out that the July 4th weekend cyberattack on global companies was really cover for Russian-linked hacker group Cozy Bear to try to hit the Republican National Committee.

Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter.

The government hackers were part of a group known as APT 29 or Cozy Bear, according to the people. That group has been tied to Russia’s foreign intelligence service and has previously been accused of breaching the Democratic National Committee in 2016 and of carrying out a supply-chain cyberattack involving SolarWinds Corp., which infiltrated nine U.S. government agencies and was disclosed in December.

It’s not known what data the hackers viewed or stole, if anything. The RNC has repeatedly denied that it was hacked. “There is no indication the RNC was hacked or any RNC information was stolen,” spokesman Mike Reed said.


In a statement following the publication of this story, Chief of Staff Richard Walters said the RNC learned over the weekend that a third-party provider, Synnex Corp., had been breached.

“We immediately blocked all access from Synnex accounts to our cloud environment,” he said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter.”

In a statement, Microsoft declined to provide additional details. “We can’t talk about the specifics of any particular case without customer permission,” a company spokesperson said. “We continue to track malicious activity from nation-state threat actors -- as we do routinely -- and notify impacted customers.”

A spokesperson for the Russian Embassy in Washington didn’t respond to a request for comment.

The attack on the RNC, coupled with the recent ransomware attack, is a major provocation to President Joe Biden, who warned Russian President Vladimir Putin about cyberattacks at a June 16 summit. It’s not clear if the attack on the RNC is connected in any way to the ransomware attacks, which exploited multiple previously unknown vulnerabilities in software from Miami-based Kaseya Ltd.

The hackers are suspected to have attacked the RNC through Fremont, California-based Synnex, the people said, asking not to be identified as they weren’t authorized to discuss confidential matters. In a press release, Synnex said “it is aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment.”

“As our review continues, we are unable to provide any specific details,” said Michael Urban, president of worldwide technology solutions distribution at Synnex in a statement to Bloomberg News. “As with any security issue, a full review of all companies, systems, third-party applications and related IT solutions must be completed before final determinations can be made.”
 
Now, I find it extremely interesting that the RNC is flatly denying that it lost any data at all, when politically it would benefit them to say that the effort "proved" that Biden was weak, or that Trump was strong, or that it was all a part of a grand Russian "collusion" conspiracy with the Democrats to hurt Republicans. Those accusations I'm sure are coming, but for now, the initial, immediate reaction was that the attack failed to accomplish the stated goal.

It's possible that the RNC is actually telling the truth, but, well, that's unlikely now, isn't it?

Anyway, there's two possibilities, that 1) the attack worked because the Russians absolutely want to keep the GOP under their thumb with possible blackmail material, or 2) it failed and eventually this all changes to "the Dems were in on it" which is ludicrous, but this is the era of flat earth, anti-vax, and the Big Lie.

There is a third possibility, that there was never an attack on the RNC's third-party provider at all and it's all a massive false flag, but who knows with cyberattacks? They have built in plausible deniability.

Anyway, don't take anything the RNC says at face value. But you already knew that...

No comments:

Post a Comment