Reports that alleged Russian hackers breached Republican National Committee data during the Kaseya ransomware attack are “not true,” GOP officials said after multiple corporate outlets ran the anonymously sourced story.
“Russia ‘Cozy Bear’ Hackers Breached GOP as Ransomware Attack Hit,” a Bloomberg News headline announced on Tuesday. Citing “two people familiar with the matter” who were not named, Bloomberg said hackers belonging to the group known as ‘Cozy Bear’ broke into the RNC computers during Friday’s attack on the Florida-based IT provider Kaseya, which was itself blamed on a “Russia-linked” outfit REvil.
SCOOP: Russian State Hackers Breached Republican National Committee. Story coming shortly.
The GOP outright denied the report, however. “This is not true,” party spokeswoman Danielle Alvarez said on Twitter, shortly before posting a full official statement.
According to the RNC, one of their providers – the California-based Synnex – was among those breached during Friday’s ransomware attack, but the party “immediately” blocked their access to its cloud.
“Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed,” the statement said.
Bloomberg itself quoted RNC spokesman Mike Reed, who said that there was “no indication the RNC was hacked or any RNC information was stolen” and that the party is investigating the matter after informing the FBI and Homeland Security.
Despite the denials, the story quickly made the rounds as ‘Cozy Bear’ – alias APT 29 – is supposed to be the same group that has been accused of hacking the Democrats in 2016, touching off the ‘Russiagate’ conspiracy hysteria.
Testimonies declassified in May 2020, however, showed that none of the officials – or executives at the cybersecurity contractor CrowdStrike – actually had any evidence of the hack, much less that Moscow was behind it.
Synnex has issued a statement saying it was “aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment.”
Kaseya, which Synnex uses for IT management services, said that “fewer than 60” of its customers were compromised in the ransomware attack, and that “the total impact thus far has been to fewer than 1,500 downstream businesses.”
The Bloomberg story also quoted Charles Carmakal, a senior executive at FireEye’s subsidiary Mandiant, who said they observed activity by “Russian government hackers” but offered no details.
“Is it just coincidental timing for the Russian government to do some of the other things they’re doing right now?” Carmakal said. “Is this coordinated and planned? I have no idea. I know that both things are happening, that’s a fact, I just don’t know why.”
FireEye is the company that uncovered last year’s SolarWinds hack, in which multiple US government agencies were compromised – and blamed it on the Kremlin. In December, FireEye said they themselves had been hacked by “a nation with top-tier offensive capabilities,” which US corporate media outlets then rushed to declare “almost certainly” Russia.