Russian military agents have successfully hacked the Ukrainian gas company, which was at the center of the scandal that led to President Donald Trump’s impeachment, according to a U.S. cybersecurity firm.
According to Area 1 Security, a Silicon Valley company specializing in email security, Russian agents launched a phishing campaign in early November to steal credentials from employees of the gas company Burisma Holdings.
Hunter Biden, son of the former U.S. Vice President and Democratic President Joe Biden, previously served on Burisma’s board of directors.
It is not clear what the hackers were looking for or could have been looking for, said Area 1 CEO Oren Falkowitz, who described the results as “irrefutable” and published an eight-page report. However, the timing of the operation suggests that Russian agents might be looking for material that harms the Bidens.
The House of Representatives impeached Trump in December for abusing the power of his office by instructing the Ukrainian government to investigate Biden, a political rival, before the 2020 election. A second article of impeachment accused Trump of obstructing a congressional investigation into the matter.
“Our report makes no claim as to what the hackers intended, what they might have been looking for, and what they would do with their success. We just point out that this is a campaign that is underway,” said Falkowitz, a former National Security Agency offensive hacker, whose clients include candidates for U.S. federal office. In an earlier interview, he told The Associated Press that in the past few months, around a thousand phishing emails had targeted top candidates for the U.S. presidency, as well as House and Senate races in 2020.
Falkowitz did not name the candidates. He would not name his customers either.
Russian hackers from the same military intelligence agency that Area 1 says is behind the Burisma operation have been charged with hacking emails from the Democratic National Committee and the chairman of Hillary Clinton’s campaign during the 2016 presidential race.
At that time, stolen emails were published online by Russian agents and WikiLeaks to favor Trump, as special counsel Robert Mueller found in his investigation.
Area 1 discovered the phishing campaign by Russia’s military intelligence agency, the GRU, on New Year’s Eve, said Falkowitz, who did not want to discuss whom he notified before going public. He said he followed the industry’s responsible disclosure process, which would include notifying Burisma.
In the report, he said the GRU agents used fake lookalike domains in the phishing campaign to mimic the websites of real Burisma subsidiaries.
According to Falkowitz, the Burisma-targeted operation included tactics, techniques, and procedures that GRU agents had repeatedly used in other phishing operations. “Several patterns were taken into account, which many independent researchers agree to imitate this particular Russian actor.” Area 1 said it has tracked the Russian agents for several years.
The timing of the discovery, just a few weeks before the presidential primaries begin in the United States, underscores the need to protect political campaigns from targeted phishing attacks, 95 percent of which can be attributed to information breaches, Falkowitz said.
“This is a really concrete, timely case that has real impact,” he said. “It’s a significant departure from what is common in the cybersecurity community if you just say it, yes, you’re dead.”
In phishing, an attacker uses a targeted email to lure a victim to a fake site that resembles a familiar one. Unsuspecting victims enter their usernames and passwords there, which the hackers then collect. With the stolen credentials, attackers can both search a victim’s saved email and impersonate that person.
Area 1 reported that its researchers linked the phishing campaign against Burisma to an action directed against Kvartal 95, a media organization founded by Ukrainian President Volodymyr Zelenskiy.
In this case, the Russian military agents, from a group that security researchers call “Fancy Bear,” showered Burisma employees with emails that were designed to look like internal messages.
To detect phishing attacks, Area 1 maintains a global network of sensors designed to spot and block them before they reach their targets.
In July, the U.S. Federal Election Commission granted Area 1 permission to offer its services to candidates for elected federal office and to political committees at the same low rates that it charges nonprofits.