
Secplicity - Security Simplified

Powered by WatchGuard Technologies

The Security Conscious NRA Breached by Russian Hacking Group

November 1, 2021 By Trevor Collins

The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Grief reportedly gained access. Grief has close ties to Evil Corp (another advanced hacking group currently sanctioned by the US) or may even just be the same group rebranded. Grief posted proof of its attack in the form of several documents it claims to have stolen from the NRA’s systems. At this time, we don’t know how much the group accessed or whether it was limited to a regional office or had access to a national office.

After an initial investigation into the breach, we downloaded from the group a sample of the data they retrieved. A few days later, while reviewing the data, we found Grief had removed all references to the NRA from its dark web website for some reason. This usually happens because someone has paid for the data to be removed. Either the NRA has, or someone bought the data in an exclusive contract. We had time to save the data before they removed it.

Some documents included a Tax ID and payment information to different groups. Most documents included how much they donated to groups and some tax documents. The NRA did make a statement on Twitter that “the NRA takes extraordinary measures to protect information regarding its members, donors, and operations…”

“NRA does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”–Andrew Arulanandam, managing dir., NRA Public Affairs

— NRA (@NRA) October 27, 2021

Grief has plenty of motivation for this hack besides money. The US has recently banned the import of Russian ammunition, and this could be a misguided political attack. More likely, though, it relates to the FBI and MI5 takedown of REvil, after which many Russian groups responded with angry threats of cyberattacks. Protecting yourself from these threats means keeping your network secure, but also keeping a backup of your data so that you can recover from a ransomware attack.
