RNC says contractor breached in hack, GOP data secure

The Republican National Committee (RNC) on Tuesday acknowledged that one of its contractors had been breached by hackers linked to Russia but said its data had not been accessed. 

Bloomberg News reported Tuesday that the Russian advanced persistent threat (APT) 29 group had breached the RNC’s computer systems last week by compromising Synnex, a third-party technology provider. 

The APT29 group, also known as “Cozy Bear,” is the same group that hacked the Democratic National Committee (DNC) ahead of the 2016 elections. It was also linked by U.S. intelligence agencies to last year’s SolarWinds hack, which compromised nine federal agencies. 

The RNC on Tuesday, however, denied that the Russian targeting had been successful. 

“Over the weekend, we were informed that Synnex, a third party provider, had been breached,” RNC chief of staff Richard Walters said in a statement provided to The Hill. “We immediately blocked all access from Synnex accounts to our cloud environment.”

“Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed,” Walters added. “We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”

Mike Reed, a spokesperson for the RNC, told Bloomberg that the breach did not have much of an impact and that the Department of Homeland Security (DHS) and the FBI are aware of the incident. 

DHS did not respond to The Hill’s request for comment. A spokesperson for the FBI said that the bureau “is aware of the incident and has no additional comment at this time.”

Synnex put out a press statement Tuesday noting that it “is aware of a few instances where outside actors have attempted to gain access, through SYNNEX, to customer applications within the Microsoft cloud environment” but not specifying which customers.

“We are a long-term distribution partner for Microsoft and along with them, responded with the requisite urgency to address the recent attacks and to limit the potential activities of these bad actors,” Dennis Polk, President and CEO of SYNNEX, said in a statement. “We will remain vigilant and focused on the security of our organization.”

The breach came around the same time that REvil, a Russian-linked ransomware group, likely launched a ransomware attack against software group Kaseya that hit up to 1,500 companies. It is unclear if the two breaches are linked.

The breach also came weeks after President Biden and Russian President Vladimir Putin met in person in Switzerland to discuss a range of topics, with cybersecurity concerns at the top of the list.

Biden earlier this year levied sanctions on Russia in retaliation for the SolarWinds hack and warned Putin that the U.S. would take further steps if the cyberattacks continued.

John Hultquist, the vice president of analysis at FireEye’s Mandiant Threat Intelligence, said in a statement provided to The Hill on Tuesday that political parties are a common target. 

“Political parties are incubators for public policy, making them ideal targets for espionage actors trying to collect political, military, and economic intelligence,” Hultquist said. “Though these organizations have been famously involved in aggressive hack and leak campaigns, more often than not, Russian hackers and others target them to quietly gather intelligence.”

“While GRU actors made a big splash with the data they’d taken from the DNC in 2016 they were not alone,” he said. “APT29 had also infiltrated that network in an operation that is more typical of cyber espionage.”