RGA Data Breach: Another Organization Affected by Massive Microsoft Exchange Hacking Campaign
The Malicious Campaign Exploited ProxyLogon Vulnerabilities and Impacted Tens of Thousands of Organizations.
Following March’s hacking campaign against Microsoft Exchange, the Republican Governors Association announced an RGA data breach in a notification letter sent last week to impacted individuals, with further details on the issue. During this malicious campaign, cybercriminals managed to breach its email servers.
What Information Was Exposed in the RGA Data Breach?
After March 10, the Republican Governors Association led an investigation into this matter. According to the notification letter, the investigation showed that a small part of the RGA email server was accessible to hackers between February 2021 and March 2021, which means personal data could have been available to them.
Initially, the organization said it had not been able to determine whether private data was involved in the exposure, but as the investigation progressed it found that the following data was exposed:
- SSN (Social Security Numbers)
- Payment Info
The Well-known Microsoft Exchange Hacking Campaign
RGA was not the only organization impacted by this Microsoft Exchange hacking campaign. As per BleepingComputer, this is a massive-scale campaign that has affected tens of thousands of enterprises worldwide, as the cybercriminals exploited ProxyLogon vulnerabilities to perform their cyberattacks against on-premises Microsoft Exchange servers. The goal was, surely, sensitive data theft.
The hackers who exploited the above-mentioned zero-day flaws used them, among other things, to deploy DearCry and Black Kingdom ransomware, as well as crypto mining malware or web shells, on the compromised servers.
These cyberattacks were revealed by Microsoft back in March. After that, ESET, a cybersecurity company headquartered in Slovakia, discovered APT groups that had been attacking Microsoft Exchange servers. The firm identified at least 10 such cybercriminal groups.
According to Microsoft's statements at the time, some of the attacks were carried out by Hafnium, a hacking group sponsored by the Chinese state. The involvement of Chinese hackers was later confirmed by an official accusation from the US, EU, NATO, and the United Kingdom, holding China responsible for the Microsoft Exchange-related attacks.
Implemented Measures Following This RGA Data Breach
The Republican Governors Association, also known as RGA, is an American organization that supports Republican candidates for governor by providing them with campaign resources. It basically helps them get elected.
In the same notification letter that disclosed the RGA data breach, the organization also said that all potentially affected people are being offered 2 years of complimentary services such as credit monitoring and identity recovery. The individuals will also have access to information that will help them mitigate identity theft.
In regard to this matter, RGA also applied Microsoft’s patches.
Once impacted individuals were identified, RGA worked to identify addresses, prepare statutorily compliant notification deliverables, and engage a vendor to provide call center, notification, and credit monitoring services. RGA completed its extensive address search on September 1, 2021.