The Russian group known as APT29 or Cozy Bear is causing a massive national stir in light of the latest ransomware attacks on American companies. Who are they and what do they want?
Cozy Bear, also known as advanced persistent threat 29 (APT29), is a Russian hacking group that has been accused of meddling with United States intelligence on multiple occasions. Evidence collected by the Dutch government has led investigators to believe the group is run by the Russian Foreign Intelligence Service (SVR). There is no clear indication of what Cozy Bear seeks to gain through its cyber-attacks and ransomware, but it has been caught interfering with commercial entities and government organizations in Germany, Uzbekistan, South Korea, and the US, including the US State Department and the White House in 2014.
Last week, the Republican National Convention was hacked by the Russian group Cozy Bear, causing a massive national stir. At the same time, a Russian-affiliated criminal group unleashed a large ransomware attack. Cozy Bear has been linked to Russia’s foreign intelligence service for a substantial amount of time and has been accused of similar activity in the past. In 2016, it allegedly breached the Democratic National Committee, which led to the indictment of 12 members of the GRU, and it carried out a supply-chain cyberattack on nine different US agencies.
While these allegations have been widely reported, RNC spokesman Mike Reed stated, “There is no indication the RNC was hacked or any RNC information was stolen,” about the attacks. However, Chief of Staff Richard Walters announced soon after that the RNC’s third-party provider, Synnex Corp., had also been breached.
“Over the weekend, we were informed that Synnex, a third-party provider, had been breached. We immediately blocked all access from Synnex accounts to our cloud environment,” he said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter.”
Synnex also put out its own statement, admitting that it is “aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment.” The company will also work with Microsoft and a security firm to review and analyze the attack and identify the hackers.
The ransomware attacks have also targeted many organizations beyond the RNC and DNC, such as Colonial Pipeline, insurance provider CNA, and IT software provider Kaseya. Statements from intelligence agencies in both the United States and the United Kingdom say that Russian military hackers are still as powerful and prevalent as ever. They stated that the hackers have tried to access the networks of “hundreds of government and private sector targets worldwide” over the last three years and that their “efforts are almost certainly ongoing.”
The repeated attacks coming from Russian hackers raise the question of American security and what, if anything, the current administration can do to combat them. President Biden had his first one-on-one meeting with Putin just last month, which seemed to have gone smoothly and amicably. They discussed the American-Russian relationship and the widely reported cyberattacks against the US. However, it is clear that a rivalry between the two nations is still present and that Putin’s words meant nothing.
Cybersecurity expert James A. Lewis stated about the summit, “Biden did a good job laying down a marker, but when you’re a thug, the first thing you do is test that red line.” He gave his view of Russia’s actions to the New York Times on Tuesday. “And that’s what we’re seeing here.”
However, it will be difficult for the administration to hold off the advanced technology and intelligence possessed by Russian intelligence, especially considering there is no information regarding what they want and why they hack. They have infiltrated both Democratic and Republican databases as well as US government organizations and the organizations of many other countries. The administration will attempt to come up with a solution to confront the hackers, but the necessary details about them are still to be seen.