The National Rifle Association is facing a growing cyber headache caused by attackers who claim to have stolen data and by people manipulating social media to boost the bad news.
Grief, a ransomware gang connected to Russia, claimed the NRA as a victim last week and has posted info it purportedly took from the gun rights group on a website that Grief uses to leak data.
News of the attack spread quickly online, where scores of Twitter accounts that had no followers sought to amplify content about the attack by retweeting it.
The accounts were created in the last six months and followed no one, but they shared content containing information about the cyberattack, including posts from The Washington Times linking to a news report and from Brett Callow, an Emsisoft threat analyst who posted a screenshot of Grief’s website.
Asked about the new accounts’ activity, Twitter said it investigated and then cracked down on “numerous accounts violating our platform manipulation and spam policy.”
Twitter did not provide details about who was responsible for the manipulative behavior, including whether the accounts were connected to the group that claimed credit for hitting the NRA.
Whether the NRA is a victim of politically motivated hacking remains unclear as anti-NRA activists may seek to capitalize on cybercriminals’ exploits.
Mr. Callow said he initially assumed the Twitter accounts were the work of Grief trying to pressure the NRA to do its bidding but has noticed other similar social media activity focused on anti-NRA content, which has led him to conclude that more than one actor could be responsible for the NRA’s ongoing cyber troubles.
Cybersecurity professionals, including Mr. Callow, have linked Grief to the Russia-based Evil Corp., which the U.S. Treasury Department sanctioned in 2019.
Grief briefly removed the NRA from its website, leading some experts to question whether the NRA paid a ransom to its attackers.
Jon DiMaggio, chief security strategist at cyberthreat analysis provider Analyst1, tweeted that Grief removing its listing of the NRA from its website may have been evidence that the NRA paid up.
But the NRA listing on Grief’s leak website was visible Monday with a file labeled “corporate insurance” among other documentation, according to a screenshot published by Mr. Callow.
“Insurance docs are useful to ransomware operators as they effectively specify how much orgs can afford to pay — no matter what their balance sheets look like,” Mr. Callow tweeted.
The NRA has not responded to requests for comment.
Last week, the NRA published a tweet saying it would not discuss physical or electronic security matters.