The NRA Has Reportedly Been Hacked

The NRA Has Reportedly Been Hacked
Wayne LaPierre, Executive Vice President of the National Rifle Association, at the Conservative Political Action Conference in March 2016. (Photo: Alex Wong, Getty Images)

The National Rifle Association has reportedly been hacked. A cybercriminal gang claims to have stolen the much maligned gun lobby’s data and has been posting samples of it to the internet.

The gang behind the attack — which calls itself “Grief” — recently began sharing images of the reputed files to a site on the dark web. It is unclear just how much data is supposed to have been stolen. Members of infosec Twitter wasted no time posting screenshots of the gang’s claims on Wednesday.

Ransomware gangs will often post samples of their victim’s information to such publicly available “leak sites.” This is an extortion tactic, meant to goad victims into caving to criminals’ financial demands. In this case, NBC reports that Grief would appear to have posted screenshots of NRA grant proposals, excerpts from an email, and minutes from a recent tele-meeting held by the association, along with other internal documents and information.

The NRA has not yet confirmed the incident. Phone calls to its press line weren’t immediately returned. We also reached out to the organisation for comment via email and will update our story if they respond.

For the NRA, this is probably not the greatest time for this to happen (not that that there is a great time for your documents and emails to get stolen). The gun lobby has been going through a lot of shit lately — from ongoing controversies and turmoil involving members of its management to the fact that its currently being sued by the New York Attorney General. In the past, the organisation has faced criticism for a whole variety of things — not least of which is its habit of showing up to communities that have suffered mass shootings to hold giant pro-gun rallies (in the case of the infamous Columbine shooting, a rally was held only weeks after the shooting took place).

Grief is believed to be associated with a Russia-based cybercriminal group, Evil Corp, that was sanctioned by the U.S. Treasury in 2019. That group was the developer behind the infamous Dridex malware, a strain of malicious software used to harvest login credentials from hundreds of banks and other financial institutions. The group has also allegedly been connected to other prominent ransomware operations — DoppelPaymer and BitPaymer. Evil Corp pissed American officials off so much that, in the same year that it was sanctioned, the State Department issued a $US5 ($7) million reward for any information leading to the “capture or conviction” of the group’s leader. Some security experts have postulated that Grief is the reconstitution of criminal elements that originally operated DoppelPaymer.


Editor’s Note: Release dates within this article are based in the U.S., but will be updated with local Australian dates as soon as we know more.