Russian hackers breached Synnex, a third-party IT contractor that works with Microsoft accounts, last week.
The attack took place around the same time a major ransomware attack was executed by a Russian-linked criminal group.
Bloomberg News reported the hackers belonged to a group known as APT 29 or Cozy Bear.
See more stories on Insider’s business page.
Russian government hackers breached Synnex, a third-party IT contractor that works with Microsoft last week, around the same time a major ransomware attack was tied to a Russian-linked criminal group.
Bloomberg News reported that hackers breached the Republican National Committee’s computer systems, but an RNC spokesperson denied that allegation to Insider, saying the group’s team worked with Microsoft to immediately confirm that no RNC data was accessed in the Synnex breach.
Two people familiar with the incident told the outlet that the hackers are part of a group known as APT 29 or Cozy Bear, which has been linked to Russia’s foreign intelligence service. The hackers were previously accused of breaching the Democratic National Convention in 2016 and infiltrating nine US government agencies during a supply-chair cyberattack that was disclosed in December, Bloomberg reported.
The breach comes less than a month after President Joe Biden warned Russian President Vladimir Putin about cyberattacks at a June 16 summit.
In a Facebook statement Tuesday evening, the Russian Embassy in Washington, DC, also denied that Russian hackers breached computer systems belonging to the RNC.
“There is no evidence that the attack took place,” the statement said. “We would like to remind that during the summit of the presidents of Russia and the United States in Geneva, the topic of cybersecurity took one of the central places.”
The IT corporation, Synnex, said it was aware of a “few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment,” in a press release.
“As a distributor, we only work directly with value-added resellers and vendor partners, such as Microsoft,” Michael Urban, president of worldwide technology solutions distribution at Synex said in a statement to Insider. “SYNNEX does not work directly with end user entities of cloud application products.”
Urban added that the company was unable to provide specifics while it conducts a full review.
RNC Chief of Staff Richard Walters confirmed to Insider that no RNC data was accessed in the breach.
“Over the weekend, we were informed that Synnex, a third party provider, had been breached. We immediately blocked all access from Synnex accounts to our cloud environment,” Walters said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
It was unclear if the Synnex breach was in any way tied to the ransomware attacks that took place around the same time, which targeted 200 American businesses using vulnerabilities in Kaseya, a Miami-based IT firm.
Cybersecurity experts have tied the massive attack to Russian-based criminal ransomware-as-a-service organization, REvil, which most recently attacked meat supplier JBS.
Correction 7/06/2021: This article was corrected to reflect that the RNC says Synnex was breached not specifically the RNC.
Read the original article on Business Insider