The National Rifle Association has reportedly been hacked. A cybercriminal gang claims to have stolen the much maligned gun lobby’s data and has been posting samples of it to the internet.
The gang behind the attack—which calls itself “Grief”—recently began sharing images of the reputed files to a site on the dark web. It is unclear just how much data is supposed to have been stolen, though members of the infosec community have wasted no time in posting screenshots of the leaked material to Twitter.
Ransomware gangs will often post samples of their victim’s information to publicly available “leak sites.” This is an extortion tactic, meant to goad victims into caving to criminals’ financial demands. In this case, NBC reports that Grief would appear to have posted screenshots of NRA grant proposals, excerpts from an email, and minutes from a recent tele-meeting held by the association, along with other internal documents and information.
The NRA has not yet confirmed the incident and phone calls to its press line weren’t immediately returned. Gizmodo also reached out to the organization for comment via email and we will update our story if they respond.
For the NRA, this is probably not the greatest time for this to happen (not that that there is a great time for your documents and emails to get stolen). The gun lobby has been going through a lot of shit lately—from ongoing controversies and turmoil involving members of its management to the fact that its currently being sued by the New York Attorney General. In the past, the organization has faced criticism for a whole variety of things—not least of which is its habit of showing up to communities that have suffered mass shootings to hold giant pro-gun rallies (in the case of the infamous Columbine shooting, a rally was held only weeks after the shooting took place).
Grief is believed to be associated with a Russia-based cybercriminal group, Evil Corp, that was sanctioned by the U.S. Treasury in 2019. Evil Corp was the developer behind the infamous Dridex malware, a strain of malicious software used to harvest login credentials from hundreds of banks and other financial institutions. The group has also allegedly been connected to numerous other prominent ransomware operations—including DoppelPaymer and BitPaymer. Evil Corp pissed American officials off so much that, in the same year that it was sanctioned, the State Department issued a $5 million reward for any information leading to the “capture or conviction” of the group’s leader. Some security experts have theorized that Grief is the reconstitution of criminal elements that originally operated DoppelPaymer.