The White House said on Wednesday that the FBI and other federal authorities are working with the Republican National Committee (RNC) after one of its third-party IT service providers was targeted as part of a series of ransomware hacking attempts believed to have been carried out with the help of Russian government-sponsored hackers.
During a Wednesday press gaggle with reporters traveling with Biden aboard Air Force One to Illinois, White House spokeswoman Jen Psaki said, “We, of course, are investigating” and the FBI is “in touch with the RNC.”
Psaki also said Biden and Vice President Kamala Harris were both briefed on the ransomware attack during a Wednesday meeting with national security officials “as a part of an internal update briefing on our across whole-of-government effort to address ransomware attacks.”
ABC reported the business-to-business IT firm Synnex was among those targeted by the recent set of ransomware attacks. Synnex serves as one of the IT firms working with the RNC. The RNC has said it was able to cut off Synnex’s access to its internal data before it could be compromised.
“Over the weekend, we were informed that Synnex, a third-party provider, had been breached,” RNC Chief of Staff Richard Walters told ABC News. “We immediately blocked all access from Synnex accounts to our cloud environment. Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”
Citing unnamed officials, Bloomberg reported on Tuesday that the ransomware attack had in fact breached the RNC’s internal data and that the Russian government hacking group APT 29, also known as “Cozy Bear,” was involved in the hacking effort.
On Wednesday, Psaki said, “I think some of the reporting got a little ahead of where the administration is and where actual attribution is.” Psaki said the investigation will continue and “we will determine attribution and make a decision accordingly.”
Psaki also said the hacking incident predates the Biden administration.
“Now, I would remind all of you that ransomware attacks are not new, the log in predated this administration,” she said.
Psaki did not say how the Biden administration would respond once it determines who was behind the ransomware hacks.
“We don’t have anything new to report in terms of attribution, nor do we have anything to do with you in terms of operational actions or considerations,” she said.
When asked about possible retaliatory sanctions, Psaki said, “It’s not in our interest to review those or preview our punches. As I like to say the President has a range of options should he determine to take action.”
The revelation of this latest suspected Russian hacking effort comes after Biden discussed cyber-security concerns with Russian President Vladimir Putin last month in Geneva, Switzerland. During their meeting, their first face-to-face discussion since Biden took office in January, Biden laid out “16 specific entities … from our energy sector to our water systems” that should be considered critical infrastructure “off-limits” from Russian cyberattacks. Biden also said he and Putin agreed on having U.S. and Russian cybersecurity experts “work on specific understandings about what is off-limits” for cyberattacks.
