A contractor for the Republican National Committee (RNC) was allegedly breached by threat actors associated with the Russian government.
Synnex, a California-based IT distributor, was targeted by threat actors attempting to access Microsoft cloud customer apps. The company is a major provider of services for the RNC, and is assumed to have been a primary target of the attack.
The RNC has denied that any of its data was compromised.
“Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter,” said RNC Chief of Staff Richard Walters.
Early reports from Bloomberg allege that the cyberattack was conducted by APT29, also known as Cozy Bear, a hacking group associated with the Russian government and thought to be responsible for the 2016 hack of the Democratic National Committee and the more recent SolarWinds attack.
The Russian government has denied involvement in the attack.
“We can only repeat that whatever happened, and we don’t know specifically what took place here, this had no connection to official Moscow,” said Kremlin spokesman Dmitry Peskov.
The cyberattack coincided with an historic ransomware campaign conducted by REvil, a ransomware as a service (RaaS) gang that is assumed to operate from within Russia.
The combined activities have created a diplomatic crisis between the Biden administration and the Russian government.
“As the President made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” said White House Press Secretary Jen Psaki in a July 6 briefing.