Russian hackers allegedly breached a Republican National Committee contractor last week, around the same time Russian cybercriminals launched the largest global ransomware attack on record. The incidents are testing the red lines set by President Biden during the summit with Russian President Vladimir V. Putin last month.
The RNC said in a statement Tuesday that one of its technology providers, Synnex, was hacked. While the extent of the breach attempt remains unclear, the committee said none of its data was accessed.
According to investigators in the case, early indications are that the culprit is Russia’s SVR intelligence agency. SVR was the original group that attacked the Democratic National Committee six years ago and recently carried out the SolarWinds attack that infiltrated more than half a dozen government agencies and many of the largest US corporations.
The RNC attack was the second of Russian origin to be made public in the past few days, and it was not clear late Tuesday whether the two were related. On Sunday, a Russia-based cybercrime organization called REvil claimed responsibility for a cyberattack over the holiday weekend that spread to 800 to 1,500 businesses across the world. Security researchers say this is one of the largest attacks in history of the kind in which hackers shut down systems until a ransom is paid.
The twin attacks were a test for Biden just three weeks after he, in his first presidential meeting with Putin, asked the Russian leader to curb ransomware operations against the United States. At the meeting, Mr. Biden later said, he presented Putin with a list of 16 key sectors of the US economy that, if attacked, would trigger a reaction, although what that response would be was left unclear.
“If, in fact, they violate these basic standards, we will respond online,” Biden said at a press conference shortly after the meeting. “He knows.” But he was quick to add, speaking of Putin, “I think the last thing he wants right now is a Cold War.”
White House officials are set to meet on Wednesday to discuss the latest ransomware attack, which used innovative techniques to infiltrate the supply chain of software used by governments, federal agencies and other organizations – a tactic that the SVR used in the SolarWinds attack last year.
The White House did not immediately respond to a request for comment on the breach of Synnex, the RNC contractor.
The latest attacks appear to cross many lines that Mr. Biden has said he will no longer tolerate. During last year’s campaign, he put Russia “on notice” that, as president, he would react decisively against any interference in US elections. Then, in April, he called Putin to warn him of impending economic sanctions in response to the SolarWinds breach.
Last month, Mr. Biden used his summit with Mr. Putin to make the case that ransomware is emerging as an even bigger threat, causing the kind of economic disruption that no state can tolerate. Mr. Biden specifically cited the gasoline shutdown on the East Coast following an attack on the Colonial Pipeline in June, as well as the closures of major meat processing plants and previous ransomware attacks that paralyzed hospitals.
The issue has become so pressing that it has begun shifting talks between Washington and Moscow, elevating digital arms control to the level of urgency formerly seen in nuclear arms control negotiations. On Tuesday, the White House press secretary, Jen Psaki, said US officials will meet with Russian officials next week to discuss ransomware attacks – a conversation the two leaders agreed to at their summit in Geneva.
On Saturday, as the attacks were underway, Putin delivered a timely speech on the implementation of Russia’s latest national security strategy, which outlined measures to deal with outside influence on the country. The document states that “the traditional spiritual-moral and cultural-historical values of Russia are being actively attacked by the US and its allies”.
While the strategy reaffirms Moscow’s commitment to using diplomacy to resolve conflicts, it emphasizes that Russia “considers it legitimate to take symmetric and asymmetrical measures” to prevent “unfriendly actions” by foreign countries.
Cybersecurity experts said that comment was Putin’s reaction to his summit with Biden.
James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said: “Biden has done a great job of laying out a marker, but when you’re a thug, the first thing you do is check that red line. And that’s what we’re seeing here.”
Mr Lewis added that “low-level penalties” such as sanctions were over. “The White House is going to have to take stronger measures, whether it’s something in cyberspace, or a more painful legal or financial maneuver,” he said.
Stronger measures have long been debated and are used occasionally. When Russian intelligence agencies introduced malicious code into the US power grid in recent years – where it is said to reside to this day – the US in turn put code into the Russian grid and made sure that it would be regarded as a deterrent. Ahead of the 2020 election, US Cyber Command took down the servers of a major Russian cybercriminal operation to prevent it from locking down voting infrastructure.
But harsher measures often lead to debates over whether the United States is risking escalation. Those involved in those discussions said they often led to decisions that erred on the side of caution, since much of America’s infrastructure is poorly defended and vulnerable to counterattacks.
Without a doubt, the tempo of the daily short-term cyber war with Russia is accelerating. That has prompted the Biden administration to look for new diplomatic options. The State Department is in discussions with representatives of about 20 foreign governments to develop a list of consequences for foreign cyberattacks, including sanctions, diplomatic expulsions and other, more drastic counterattacks, including in the cyber sphere.
The possible breach of Synnex by the SVR makes it unclear whether the RNC was the target or if it was unintended collateral damage in a broader attack that may not have been aimed at the Republican Party.
In a statement, Synnex said the attempt to compromise its systems was “potentially related to recent cybersecurity attacks”.
“Is this an unguided shotgun blast, or is it a rifle that was carefully targeted at a foreign intelligence target?” asked Bobby Chesney, director of the Robert S. Strauss Center for International Security and Law at the University of Texas at Austin.
If it were the former, he said, it could cross the line the White House has set when it comes to punishing Russia for its breach of SolarWinds and its customers. If it were the latter, it could be seen as the kind of intelligence-gathering that all major nations engage in – and therefore not something the United States could seek to punish.
When the Democratic National Committee was hacked, first by the SVR in 2015 and then by Russia’s military intelligence unit, the GRU, in 2016, evidence released by the FBI showed that computer servers used by the RNC – also held by contractors – were also targeted. (There is no evidence that the server hosting the sensitive data was breached or that the data was stolen.)
The White House may face a more complex problem than determining how to respond to the ransomware attacks that took place over the weekend of July 4.
Security experts said the attack began with a breach of Kaseya, a software maker in Florida, and showed an unusual level of sophistication for ransomware groups. REvil appears to have compromised Kaseya through a “zero day” – an unknown flaw in the technology – according to researchers, then used the company’s access to its customers’ computer systems to launch ransomware attacks on those customers.
Researchers in the Netherlands pointed to a flaw in Kaseya’s technology, and the company was working to fix it when REvil beat them to it, the researchers said. It is unclear whether the timing was a coincidence or if cybercriminals found the vulnerability and quickly exploited it.
In the past, REvil has relied on more basic hacking methods – such as phishing emails and unpatched systems – to break in, the researchers said. The group asked for $70 million in Bitcoin to release a tool that would allow all infected companies to recover, an amount that was reduced to $50 million on Tuesday.
In her remarks on Tuesday, Ms. Psaki, the White House spokeswoman, warned companies against paying because that would create an incentive for criminals to continue operating. “The FBI basically asked the companies not to pay the ransom,” she said.
Annie Karni contributed reporting.