GOP Computer Systems Reportedly Breached by Russian Hackers
Hackers breached the computer systems of a third-party IT company tied to the Republican National Committee in early July. According to reports, the IT outfit, Synnex, which provides IT solutions to the RNC, was the victim of an attack by a group with links to the Russian government. This breach is all the more alarming because it comes right on the heels of a flurry of recent ransomware attacks.
Bloomberg reports that the hackers are part of the group going by the name APT 29 or Cozy Bear. Interestingly, there seem to be links between Cozy Bear and the Russian foreign intelligence service, the SVR. In addition, this was the same hack group suspected in the attack against the Democratic National Convention (DNC) in 2016.
APT 29 was also fingered in the broader-scale SolarWinds Corp cyber-attack last December. This advanced attack had breached about a hundred US companies and nine federal agencies. In addition, the same group was accused of trying to steal Covid-19 vaccine research in July 2020.
The Extent of the Attack
It’s currently unclear whether the group accessed or stole any sensitive data from the RNC. However, the RNC has consistently maintained that its data is safe. For instance, their spokesperson concurred with the security breach claims while stating that “…Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed….”
Furthermore, the spokesperson stated that the RNC blocked access to their cloud environment from Synnex immediately after they heard of the breach. Similarly, Synnex confirmed the security breach. Its press release stated that Synnex “… is aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment.”
However, the IT firm stated that it was reviewing the threat with Microsoft and a third-party cybersecurity outfit. Finally, Dennis Polk, Synnex CEO, pledged that they would “remain vigilant and focused on the security of the organization.”
Expectedly, Microsoft declined to explain the situation. Instead, Microsoft’s position was that they couldn’t comment on cases without their customers’ approval. Moreover, they reiterated their commitment to tracking malicious internet activity from nation-state threat actors.
Reactions from Russia and the United States
The GOP breach is a significant issue because it comes shortly after President Biden warned Russia about cyberattacks. The President issued this executive warning at a June 16 summit in Geneva, Switzerland. President Biden made explicit references to the Colonial Pipeline attacks in the US while warning about Russian interference in American cyberspace. Furthermore, the President stated that the US would take action against any further cyber attacks.
Biden’s foremost concern was Russian hackers who target critical US infrastructure. The President said installations such as pipelines, airports, and power plants should be off-limits for cyber attacks. Consequently, Putin and Biden agreed that both countries’ experts would work together to establish the crucial boundaries. This work would build on the 16 sectors Biden already said hackers mustn’t harm.
Therefore, it’s unsurprising that Russia has come out to deny any links to the GOP attack. Kremlin’s spokesman Dmitry Peskov expressly denied any Russian state involvement in the hacks. Dmitry said, “We can only repeat that whatever happened, and we don’t know specifically what took place here, this had no connection to official Moscow.”
Before the Kremlin denial, the Russian Embassy in Washington, DC had issued a similar statement. First, the Embassy stated that “there is no evidence that the attack took place.” The statement then went on to refer to the talks between Putin and Biden in Geneva. Emphasizing the consequent agreement to resume expert dialogue, the Russian Embassy called Bloomberg’s report a fabrication that could hurt the talks.
This denial isn’t new, as it follows Russia’s practice of denying involvement in any US cyber-attacks. In fact, at the June 16 Summit, Putin denied responsibility for US hacks. He claimed that most hacking crimes originate in the US and not Russia.
Different Simultaneous Attacks
Notably, around the same time as the GOP hacks, another cyberattack targeted hundreds of American businesses. In this case, the cybercriminals exploited vulnerabilities in Kaseya, a Miami-based IT company. Cybersecurity experts have also linked the Kaseya attacks to another Russian cybercrime group, REvil. However, it’s still unclear whether there are any links between the Synnex breach and Kaseya’s.
Whatever the case with the Russian involvement in US attacks, the Biden government has been considering punitive sanctions. After the June 16 Summit with Putin, the BBC has confirmed that Russia will face the consequences of the continued cyber assaults.
These sanctions may be hasty considering insistent Russian denials of involvement. However, cybersecurity experts have already linked some of the hacks to Russian-backed groups. Furthermore, a grand jury indicted twelve members of Russia’s intelligence agency GRU in 2018. These indictments were for the 2016 DNC hacks and WikiLeaks’ publication of thousands of DNC emails. Interestingly, this Russian agency is also believed to be connected to the Russian hacking group Fancy Bear. So, a Russian connection seems apparent.