Russian hackers are accused of breaching a contractor for the Republican National Committee last week, around the same time that Russian cybercriminals launched the single largest global ransomware attack on record, incidents that are testing the red lines set by President Joe Biden during his high-stakes summit with President Vladimir Putin of Russia last month.
The RNC said in a statement today that one of its technology providers, Synnex, had been hacked. While the extent of the attempted breach remained unclear, the committee said none of its data had been accessed.
Early indications were that the culprit was Russia’s SVR intelligence agency, according to investigators in the case. The SVR is the group that initially hacked the Democratic National Committee six years ago and more recently conducted the SolarWinds attack that penetrated more than a half-dozen government agencies and many of the largest U.S. corporations.
The RNC attack was the second of apparent Russian origin to become public in the past few days, and it was unclear late today whether the two were related. On Sunday, a Russian-based cybercriminal organization known as REvil claimed responsibility for a cyberattack over the long holiday weekend that has spread to 800 to 1,500 businesses around the world. It was one of the largest attacks in history in which hackers shut down systems until a ransom is paid, security researchers said.
The twin attacks are a test for Biden just three weeks after he, in his first meeting as president with Putin, demanded that the Russian leader rein in ransomware activities against the United States. At the meeting, Biden said later, he presented Putin with a list of 16 critical sectors of the American economy that, if attacked, would provoke a response — although he was cagey about what that response would be.
“If, in fact, they violate these basic norms, we will respond with cyber,” Biden said at a news conference immediately after the meeting. “He knows.” But he quickly added of Putin that “I think that the last thing he wants now is a Cold War.”
White House officials were preparing to meet on Wednesday to discuss the latest ransomware attack, which used the innovative technique of getting into the supply chain of software used by governments, federal agencies and other organizations — a tactic that the SVR deployed in SolarWinds last year.
The White House did not directly address the breach of Synnex, the RNC contractor, which was reported earlier by Bloomberg News. But Biden plans to gather officials from several agencies in the Situation Room on Wednesday morning “to discuss the Biden-Harris administration’s overall strategic efforts to counter ransomware,” the White House said this evening.
The newest attacks appeared to cross many lines that Biden has said he would no longer tolerate. On the campaign trail last year, he put Russia “on notice” that, as president, he would respond aggressively to counter any interference in U.S. elections. Then in April, he called Putin to warn him about impending economic sanctions in response to the SolarWinds breach.
Last month, Biden used the summit with Putin to make the case that ransomware was emerging as an even larger threat, causing the kind of economic disruption that no state could tolerate. Biden specifically cited the halting of the flow of gasoline on the East Coast after an attack on Colonial Pipeline in June, as well as the shutdown of major meat-processing plants and earlier ransomware attacks that paralyzed hospitals.
The issue has become so urgent that it has begun shifting the negotiations between Washington and Moscow, raising the control of digital weapons to a level of urgency previously seen largely in nuclear arms control negotiations. Today, the White House press secretary, Jen Psaki, said U.S. officials will meet with Russian officials next week to discuss ransomware attacks — a dialogue the two leaders had agreed upon at their summit in Geneva.
Stronger measures have long been debated, and occasionally used. When Russian intelligence agencies put malicious code into the American power grid in recent years — where it is believed to reside to this day — the United States in turn put code into the Russian grid, and made sure it was seen, as a deterrent. Before the 2020 election, U.S. Cyber Command took down the servers of a major Russian cybercriminal operation to prevent it from locking up voting infrastructure.
But harsher measures have usually led to debates about whether the United States was risking escalation. Participants in those discussions have said they usually result in decisions to err on the side of caution, because so much of American infrastructure is poorly defended and vulnerable to counterstrikes.
The White House may face a more complex problem determining how to deal with the ransomware assaults that played out over the July Fourth weekend.
The attack, which began with a breach of Kaseya, a software maker in Florida, exhibited an unusual level of sophistication for ransomware groups, security experts said. REvil appeared to breach Kaseya through a “zero day” — an unknown flaw in the technology — according to the researchers, then used the company’s access to its customers’ computer systems to conduct ransomware attacks on its clients.
Researchers in the Netherlands had tipped Kaseya off to the flaw in its technology, and the company was working on a fix when REvil beat them to it, researchers said. It is unclear whether the timing was a coincidence or whether cybercriminals were tipped off to the flaw and worked quickly to exploit it.
In the past, REvil relied on more basic hacking methods — such as phishing emails and unpatched systems — to break in, researchers said. The group has demanded $70 million in bitcoin to release a tool that would allow all infected companies to recover, a sum that it had lowered to $50 million by today.
In her remarks today, Psaki, the White House spokeswoman, warned companies against paying because it would give the criminals an incentive to keep going. “The FBI has basically told companies not to pay ransom,” she said.
This article originally appeared in The New York Times.