Synnex, a Supplier for the RNC, Detected an Intrusion Attempt
IT services provider Synnex Corp., which counts the Republican National Committee as a customer, said Tuesday that an intrusion attempt against it may be related to Friday’s Kaseya mass ransomware attack.
But Republican National Committee chief of staff Richard Walters tells Information Security Media Group that no breach of its systems occurred.
“Over the weekend, we were informed that Synnex, a third-party provider, had been breached,” Walters says. “We immediately blocked all access from Synnex accounts to our cloud environment. Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
Synnex says in a statement that outside actors attempted to gain access to customer applications within the Microsoft cloud environment. It said that the action could “potentially be in connection with the recent cybersecurity attacks of managed service providers, or MSPs.”
Synnex appears to be referring to the supply chain attack on Kaseya, the Miami-based software company that develops IT management tools. On Friday, attackers affiliated with the REvil ransomware gang exploited vulnerabilities in Kaseya’s VSA software, which is used by MSPs. The attackers then distributed ransomware to as many as 60 of Kaseya’s MSP customers and then on to as many as 1,500 of their clients (see: Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack).
Synnex notes that, along with an unnamed third-party security company, it’s conducting a thorough review of the attack.
“Synnex internal and external environments remained online throughout the period of attack. Synnex will continue to focus on maintaining secure operations for its customers and their end-user environments,” says Dennis Polk, president and CEO of Synnex. “We are a long-term distribution partner for Microsoft and along with them, responded with the requisite urgency to address the recent attacks and to limit the potential activities of these bad actors.”
Synnex did not immediately reply to a request for additional information.
Bloomberg News, citing unnamed sources, reports the Russian hacking group Cozy Bear, also known as APT29, last week gained access to the Republican National Committee through its connection to Synnex.
Cozy Bear is believed to have breached the Democratic National Committee in 2016 and also executed the supply chain attack against SolarWinds last year. The group is known by the nicknames Nobelium, The Dukes, StellarParticle and Dark Halo.
Cozy Bear is believed to be part of Russia’s SVR intelligence agency. Citing anonymous officials, The New York Times reports that investigators believe Russia is behind the attack against Synnex.
Tension has been rising between the U.S. and Russia, with the latter accused of pervasive cyberespionage and also giving safe harbor to gangs distributing ransomware. The U.S. government imposed fresh sanctions on Russia in April for election meddling and also the SolarWinds incident.
In the SolarWinds incident, the attackers seeded a malicious software update in the company's Orion network monitoring software, which was distributed to some 18,000 organizations. About 100 organizations, including the Justice, State, Treasury and Commerce departments, were targeted with follow-on malware (see: US Sanctions Russia Over SolarWinds Attack, Election Meddling).