The National Rifle Association (NRA) appeared to be recently hacked by a Russian ransomware group named Grief. The group reportedly got hold of internal NRA documents about grant proposals, emails, and meeting minutes and posted the files online, threatening to leak more if the NRA did not pay up. The documents are now deleted from Grief's website and the NRA has remained silent about whether or not they have paid the ransom, however, according to a report from "The Daily Beast", Grief went even beyond to try to get their pay.
When the hack made headlines, a mysterious group of Twitter bots started sharing and posting almost exclusively about Grief. Sam Riddell, associate threat intelligence analyst of information operations at FireEye's Mandiant, told The Daily Beast that the bot's purpose seems to be to amplify coverage of Grief's hacking incidents.
It appears that Grief has been dissatisfied with the attention their activities have been getting, according to security experts that spoke with The Daily Beast. "These groups have started to adopt new strategies, or new levers, effectively, for pushing out their message and getting people to pay attention to it." said Jeremy Kennelly, senior manager of financial crime analysis at Mandiant.
Riddell said that odds are high that Grief is operating this mysterious network of Twitter bots. And Kennelly said that this could be a new tactic that other groups might use to extort their victims. "It wouldn't surprise me if in the wake of this we see that used more broadly." said Kennelly.
Another security firm, GroupSense, told The Daily Beast the bots are also posting about political issues, such as the NRA, gun violence and Nazis. The CEO of GroupSense, Tom Richards, said these hacking groups could be influenced by "nation-state actors."
But the effectiveness of this Twitter network and tactics like it have experts like Ridell skeptical. "Just because these actors are trying this doesn't mean it's successful."