A Russian-linked cybercriminal group known as 'Cozy Bear' or APT 29 reportedly breached the Republican National Committee last week.
The attack is thought to have been timed with the Kaseya ransomware attack over the 4th of July weekend. That attack has affected approximately 1,500 companies.
Cozy Bear is best known for being tied to the breach of the Democratic National Committee in 2016 and being at the center of accusations of the SolarWinds supply chain attack in December of 2020.
The RNC has denied any breach. “There is no indication the RNC was hacked or any RNC information was stolen,” spokesman Mike Reed said.
Kunal Anand, CTO of Imperva, weighed in on the attack:
“Every organization is realizing they’re vulnerable in a more complex way that extends beyond the perimeter and outside of traditional security defenses, and even pushes the boundaries of endpoint security. Software supply chain attacks will become the new go-to vector for future attacks – particularly those sponsored by nation state actors. This is an intractable problem that shows why companies have to think beyond their immediate set of vendors - they must account for their vendor’s vendors too.
As a nation, we need to identify software supply chain attacks as a growing domain of national security risk. With a blueprint for conducting successful software supply chain attacks now in hand, nation states will look to exploit other software vulnerabilities as a means for conducting espionage or disrupting an adversary’s day-to-day life. The Feds must increase the number of resources and support for U.S. businesses, particularly small and medium-sized businesses, that find themselves as targets in this ongoing cyber war. As ransomware appears to be the weapon of choice in 2021, giving businesses guidance on how to recover from an attack or how to prepare for an attack must be the starting point. As NIST finalizes its guidance for enhancing the security of software supply chains, it must account for attacks that exploit the MSP ecosystem along with sophisticated security risks that are born in the software development lifecycle.”