Cozy Bear Hackers Traced to Russia
Bloomberg revealed that Russian government-connected hackers recently targeted the U.S. Republican National Committee.
The attack was traced to APT29, otherwise called “Cozy Bear”, a criminal hacking group involved with Russia’s intelligence agencies. This same group was previously blamed for the 2016 hacking of the Democratic National Committee.
This latest cyber attack targeting the RNC is part of the most recent influx of Russia-linked cyber assaults on the United States. Cyber hacks have escalated since 2021, and even more so over the past few months. Other high-profile targets include government agencies like USAID, and privately owned businesses such as Colonial Pipeline and JBS Foods.
It’s unclear if the hackers were able to view or steal any critical information. However, RNC authorities denied that any information had been stolen, as the breach was restricted to third-party provider Synnex.
RNC chief of staff Richard Walter was informed that Synnex had been breached over the weekend. The RNC immediately restricted all access from Synnex. Thus, no RNC data was accessed or stolen.
The Russian Embassy in Washington vehemently rejected the reports of Moscow’s involvement in the RNC hack. In a Facebook statement, the embassy said that the party itself denied that a cyber attack had occurred. They believe there is no evidence that the attack took place.
The Kremlin likewise denied Moscow’s involvement in the cyber attack, saying it had no information on the incident.
‘Cozy Bear’, in particular, has been accused of multiple high-profile attacks dating back to 2014. It is even suspected to be behind the SolarWinds hack that was uncovered in December 2020 – one of the largest data breaches in history.
During Biden’s June 16 summit with Russian President Vladimir Putin, the U.S. President presented his Russian counterpart with a list of clearly defined areas of U.S. critical infrastructure that he pronounced “forbidden” to Russian cyber attacks.
However, the U.S. National Security Agency released a report on July 1 that enumerated the ongoing efforts of Russian government-linked hackers. The report provided information on recent cyber attacks launched on hundreds of U.S. and foreign organizations.
Targets are said to include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and other business establishments.
A significant number of recent hacking attacks take the form of ransomware. Victims are ordered to pay ransoms through Bitcoin or other cryptocurrencies – the usual go-tos of hackers – or risk losing access to their computer systems forever.
The RNC hack doesn’t appear to have included ransomware, but another enormous ransomware hack on U.S. software firm Kaseya carried a US$70M ransom price tag. This occurred only a week ago.
With the Kaseya hack, the White House reiterated Joe Biden’s warning to Putin about harboring cyber criminals in Russia. President Biden emphasized that the U.S. will take action if Russia is unable to root out dangerous criminal hackers residing in Russia.