Russians hacked Ukrainian company key to Trump's impeachment

A U.S. cybersecurity company says Russian military used a phishing campaign to steal information from a gas company tied to Hunter Biden in November.

Susan Walsh/AP
President Donald Trump walks along the colonnade of the White House in Washington, Jan. 13, 2020. A U.S. cybersecurity company said Russian military hacked the Ukrainian gas company at the center of the scandal that led to the president's impeachment.

A U.S. cybersecurity company says Russian military agents have successfully hacked the Ukrainian gas company at the center of the scandal that led to President Donald Trump's impeachment.

Russian agents launched a phishing campaign in early November to steal the login credentials of employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specializes in email security.

Hunter Biden, son of former U.S. vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma's board.

It was not clear what the hackers were looking for or may have obtained, said Area 1's CEO, Oren Falkowitz, who called the findings "incontrovertible" and posted an eight-page report. But the timing of the operation suggests that the Russian agents could be searching for material damaging to the Bidens.

The House of Representatives impeached Mr. Trump in December for abusing the power of his office by enlisting the Ukrainian government to investigate Mr. Biden, a political rival, ahead of the 2020 election. A second charge accused Mr. Trump of obstructing a congressional investigation into the matter.

"Our report doesn't make any claims as to what the intent of the hackers were, what they might have been looking for, what they are going to do with their success. We just point out that this is a campaign that's going on," said Mr. Falkowitz, a former National Security Agency offensive hacker whose company's clients include candidates for U.S. federal elected offices. In an earlier interview, he told The Associated Press that top candidates for the U.S. presidency and House and Senate races in 2020 have in the past few months each been targeted by about a thousand phishing emails.

Mr. Falkowitz did not name the candidates. Nor would he name any clients.

Russian hackers from the same military intelligence unit that Area 1 said was behind the operation targeting Burisma have been indicted for hacking emails from the Democratic National Committee and the chairman of Hillary Clinton's campaign during the 2016 presidential race.

Stolen emails were released online at the time by Russian agents and WikiLeaks in an effort to favor Mr. Trump, special counsel Robert Mueller determined in his investigation.

Area 1 discovered the phishing campaign by the Russian military intelligence unit, known as the GRU, on New Year's Eve, said Mr. Falkowitz, who would not discuss whom he notified prior to going public. He said he followed the industry standard process of responsible disclosure, which would include notifying Burisma.

In the report, he said the GRU agents used fake, lookalike domains in the phishing campaign that were designed to mimic the sites of real Burisma subsidiaries.

Mr. Falkowitz said the operation targeting Burisma involved tactics, techniques and procedures that GRU agents had used repeatedly in other phishing operations, matching "several patterns that lots of independent researchers agree mimic this particular Russian actor." Area 1 says it has been tracking the Russian agents for several years.

The discovery's timing – just weeks before presidential primaries begin in the United States – highlights the need to protect political campaigns from targeted phishing attacks, which are behind 95 percent of all information breaches, said Mr. Falkowitz.

"This is a real specific, timely case that has real implications," he said. "To discover it and potentially get out in front of it is a significant departure from what's typical in the cybersecurity community, where someone just tells you, yeah, you're dead."

In phishing, an attacker uses a targeted email to lure a target to a fake site that resembles a familiar one. There, unwitting victims enter their usernames and passwords, which the hackers then harvest. Phished credentials allow attackers both to rifle through a victim's stored email and masquerade as that person.

Area 1 said its researchers connected the phishing campaign targeting Burisma to an effort earlier last year that targeted Kvartal 95, a media organization founded by Ukrainian President Volodymyr Zelensky.

In this case, the Russian military agents, from a group security researchers call "Fancy Bear," peppered Burisma employees with emails designed to look like internal messages.

In order to detect phishing attacks, Area 1 maintains a global network of sensors designed to sniff out and block them before they reach their targets.

In July, the U.S. Federal Elections Commission gave Area 1 permission to offer its services to candidates for federal elected office and political committees at the same low rates it charges nonprofits.

This story was reported by The Associated Press.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.