The Republican Governors Association Admits That Its Exchange Server Got Pwned Earlier This Year
The Republican Governors Association email server was breached by state hackers. The RGA revealed in a data breach notification letter sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021:
On March 10, 2021, RGA was alerted to an exploit in Microsoft’s Exchange Service email software. This was a widespread exploit at Microsoft that threat actor(s) utilized to attack companies across the globe. Once RGA learned of the exploit, it immediately launched an investigation, with the assistance of cybersecurity experts, into the nature and scope of the incident. As part of this investigation, RGA determined that the threat actors accessed a small portion of RGA’s email environment between February 2021 and March 2021, and that personal information may have been accessible to the threat actor(s) as a result.
The forensic investigation was unable to identify what personal information, if any, was impacted as a result of this incident. Out of an abundance of caution, RGA commenced a thorough data mining effort to identify potentially impacted individuals. Once impacted individuals were identified, RGA worked to identify addresses, prepare statutorily compliant notification deliverables, and engage a vendor to provide call center, notification, and credit monitoring services. RGA completed its extensive address search on September 1, 2021.
The address search determined that your state resident(s) had name in addition to one of the following accessible to the threat actor(s): Social Security number or payment card information.
Saumitra Das, CTO and Cofounder, Blue Hexagon, had this to say about the attack:
The MS Exchange vulnerabilities affected a large number of organizations such as the RGA. Even after the vulnerabilities were announced several servers remained (1) Accessible to the general Internet, and (2) Unpatched. So the attacks likely continued for a long time after the original CVEs were published. In addition, organizations are typically not inspecting East-West internal network traffic and even North-South external traffic is inspected usually with a legacy threat or malware signature-based firewall. Post initial access, detection and response at the network and endpoint layer could potentially thwart such state-sponsored attacks.
It’s time for companies to alter how they defend their Exchange server so that attacks like this aren’t as effective.
This entry was posted on September 21, 2021 at 10:00 am and is filed under Commentary with tags Hacked.