The Republican Governors Association was hacked earlier this year – KION546


Posted by Sean Lyngaas, CNN

Hackers violated the Republican Governors Association in February and potentially disclosed the personal information of nearly 500 people associated with the organization, the RGA said in a public filing on Sept. 15.

Social security numbers may have been among the data disclosed, according to a statement accompanying the notice from RGA attorney Mark McCreary.

It was unclear who was responsible for the breach, exploited Microsoft software, or what the hackers did with the data they might have accessed. Jesse Hunt, an RGA spokesman, did not comment when asked by CNN who carried out the hack or how many people may have disclosed their social security numbers. McCreary did not respond to a request for comment.

These are just the recent aftermath of the discovery of critical vulnerabilities in Microsoft Exchange Server, a popular email software program that exposed companies in the US and Europe to hacking.

The activity came to light in March when Microsoft said Chinese pro-government agents who had previously targeted defense companies and infectious disease researchers had exploited the software flaws. But after a computer exploit became known for the bugs, cybercriminal groups took advantage of the situation to attack vulnerable organizations with ransomware and other scams.

The RGA did not become aware of the intruders on its network until March 10, eight days after Microsoft publicly announced the hacking campaign, according to the RGA data breach notice. According to the RGA, the attackers first broke into the network on February 28th [its] E-mail environment ”.

The RGA said it updated its Microsoft software after the violation. In a notice to two Maine residents affected by the breach, the RGA said it was “unable to determine what, if any, personal information was affected by the incident.”

The Biden government blamed China for the first Microsoft violations in July, with a senior civil servant calling it part of a “pattern of irresponsible cyberspace behavior” from China. Beijing rejects the allegations.

Cybersecurity remains a point of contention between Washington and Beijing. President Joe Biden raised the issue in a phone call with Chinese President Xi Jinping on September 9, according to a senior administrative official.

At the height of the Exchange Server problem, researchers estimated that tens of thousands of US states and local businesses were using the vulnerable software. Many of these organizations were able to install a software update to protect them from exposure.

The hacks resulted in several meetings of the Biden administration’s National Security Council calling on US organizations to step up their defenses. Concerned that more data breaches would follow, the FBI used a court order in April to use Exchange Server to remove malicious code from hundreds of US computers.

“Exchange servers provide attackers with a wealth of information that can be stolen in the form of e-mails or attachments,” says Sean Koessel, co-founder of the security company Volexity. The company was investigating some of the Microsoft hacks, but Koessel said he was unaware of the RGA incident.

“By compromising Exchange Server, attackers can get straight to the source instead of having to compromise a target through other means such as phishing,” Koessel told CNN.

The CNN Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia company. All rights reserved.


About Author

Leave A Reply