Russian government hackers breached the computer systems of the US Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to people familiar with the matter.
The government hackers were part of a group known as APT 29 or Cozy Bear, the sources said.
That group has been tied to Russia’s foreign intelligence service and has previously been accused of breaching the Democratic National Committee in 2016 and of carrying out a supply-chain cyber attack involving SolarWinds Corp, which infiltrated nine US government agencies and was disclosed in December.
It is not known what data the hackers viewed or stole, if anything. The RNC has repeatedly denied it was hacked.
“There is no indication the RNC was hacked or any RNC information was stolen,” spokesman Mike Reed said.
Chief of Staff Richard Walters said the RNC later learned a third-party provider, Synnex Corp, had been breached.
“We immediately blocked all access from Synnex accounts to our cloud environment,” he said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed.”
In a statement, Microsoft declined to provide additional details. “We can’t talk about the specifics of any particular case without customer permission,” a spokesperson said.
“We continue to track malicious activity from nation-state threat actors – as we do routinely – and notify impacted customers.”
Kremlin spokesman Dmitry Peskov denied any Russian state involvement. “We can only repeat that whatever happened, and we don’t know specifically what took place here, this had no connection to official Moscow,” he said.
The attack on the RNC, coupled with the recent ransomware attack, is a major provocation to US President Joe Biden, who warned Russian President Vladimir Putin about cyber attacks at a June 16 summit. The two countries have been holding “certain contacts” about cyber security as agreed at the meeting, Mr Peskov said, declining to provide details or comment on whether the latest breach was discussed.
It is not clear if the attack on the RNC is connected in any way to the ransomware attacks, which exploited multiple previously unknown vulnerabilities in software from Miami-based Kaseya.
Mr Biden was due to meet with various agency leaders behind closed doors yesterday to discuss ransomware and ways to combat it, the White House said, calling the risk a “national security and economic security priority for the administration”.
Meanwhile, Russia has sent three nuclear submarines to a naval parade for the first time in a “show of strength” after recent skirmishes in the Black Sea. An Oscar-II Class nuclear-powered cruise missile submarine was seen entering the Baltic Sea on Monday. Two other nuclear-powered submarines were later identified, one likely to be armed with nuclear missiles and one an attack boat.
A nuclear icebreaker and several powerful surface ships are also expected to attend the parade in St Petersburg, planned for July 25.
HI Sutton, a defence analyst, said the annual event was always a display of strength but “this is a significant amount of firepower to put on show. Russia has been sending nuclear submarines to the naval parade in St Petersburg for several years, but this is the first time three submarines have been sent.
“They are the only nuclear submarines in the Baltic. These deployments act as a show of strength for both home and foreign audiences. Nato and unaligned Baltic states will likely keep a careful eye on this submarine.”
The inclusion of the submarines is likely to be, in part, a response to the incident in the Black Sea last month when HMS Defender, a British Royal Navy destroyer, was confronted by Russian forces while transiting the internationally recognised maritime route between Ukraine and Georgia.