State-backed Russian hackers reportedly breached the Republican National Committee (RNC) last week, although the party denies any data was stolen.
Two people familiar with the matter told Bloomberg of the attack, which is thought to have come from APT29 (Cozy Bear), a notorious Kremlin hacking group that was blamed for the 2016 info-stealing raid on the Democratic National Committee (DNC).
The RNC said that third-party IT services partner Synnex was breached over the July 4 holiday weekend, but no data was taken.
“We immediately blocked all access from Synnex accounts to our cloud environment,” chief of staff Richard Walters reportedly claimed.
“Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter.”
In a brief statement, long-term Microsoft distributor Synnex said it had been conducting a thorough security review.
“Synnex … confirms it is aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment,” it added.
“These actions could potentially be in connection with the recent cybersecurity attacks on managed service providers.”
Those attacks are a single ransomware campaign that hit US software firm Kaseya and its downstream customers over the same weekend. However, that attack is believed to have been carried out by financially motivated cyber-criminals rather than a state-backed entity.
John Hultquist, VP of analysis at Mandiant Threat Intelligence, said parties are ideal targets for espionage actors looking for political, military, and economic intelligence.
“Though these organizations have been famously involved in aggressive hack and leak campaigns, more often than not, Russian hackers and others target them to quietly gather intelligence,” he added.