Friday, September 17, 2021

RGA Hacked This Year

Hackers breached the Republican Governors Association (RGA) in February, potentially Exposing the Personal Data of nearly 500 People affiliated with the Organization, the RGA said in a September 15th Public Filing.

Social Security Numbers may have been among the exposed Data, according to a Statement accompanying the Notification from Mark McCreary, an Attorney for the RGA.

It was unclear who was responsible for the Breach, which exploited Microsoft Software, or what the Hackers did with any Data they may have accessed.

It's just the latest fallout, from the Discovery earlier this year of Critical Vulnerabilities in Microsoft Exchange Server, a popular Email Software Program, that exposed Organizations across the U.S. and Europe to Hacking.

The Activity came to light in March, when Microsoft said that Chinese Government-linked Operatives with a History of Targeting Defense Contractors, and Infectious Disease Researchers, had Exploited the Software Flaws.

But after a Computer Exploit for the Flaws became Public, Cybercriminal Groups also took Advantage of the Situation to Target vulnerable Organizations with Ransomware and other Scams.

According to the RGA Data Breach notice, it wasn't until March 10th, eight days after the Microsoft Public Statement about the Hacking Campaign, that the RGA became aware of the Intruders in its Network.

The Attackers initially breached the Network on February 28th, according to the RGA, which said that "a small portion of [its] email environment" was accessed.

The RGA said that it Updated its Microsoft Software after the Breach. In a Notification sent to Two Maine Residents affected by the Breach, the RGA said it was "unable to determine what personal information, if any, was impacted as a result of the incident."

The Biden Administration, in July, blamed China for the Initial Microsoft Breaches, with a Senior Administration Official, calling it part of "a pattern of irresponsible behavior in cyberspace" from China. Beijing has Denied the Accusations.

Cybersecurity has continued to be a point of Contention between Washington and Beijing. President Biden raised the Issue, in a September 9th Call, with Chinese President Xi Jinping.

At the height of the Exchange Server issue, Researchers estimated that Tens of Thousands of U.S. State and Local Business, were running the Vulnerable Software. Many of those Organizations, were able to Apply a Software Update to Protect them from Compromise.

TheHhacks prompted multiple Meetings of the Biden Administration's National Security Council (NSC), which urged U.S. Organizations to raise their Defenses.

Concerned that more Data Breaches would follow, the FBI used a Court Order, in April, to Remove Malicious Code from Hundreds of U.S. Computers using Exchange Server.

"Exchange servers provide attackers with a wealth of information which can be stolen in the form of emails or attachments," said Sean Koessel, Co-Founder of Security Firm Volexity.

The Firm investigated some of the Microsoft Hacks, but Koessel said he had No knowledge of the RGA Incident.

"By compromising Exchange Server, attackers are able to go directly to the source, instead of having to compromise a target via other means, such as phishing," Koessel said.

NYC Wins When Everyone Can Vote! Michael H. Drucker

No comments: