Russian agents 'hacked Ukrainian gas firm in Trump impeachment scandal' amid election meddling fears

Associated Press
Hunter Biden, son of former US vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma’s board. - REUTERS

A US cybersecurity company says Russian military agents successfully hacked the Ukrainian gas company at the centre of the scandal that led to President Donald Trump’s impeachment.

Russian agents launched a phishing campaign in early November aimed at stealing the login credentials for employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specialises in e-mail security.

Hunter Biden, son of former US vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma’s board.

It was not clear from an eight-page report posted online by Area 1 what the hackers were looking for or may have obtained. The timing of the operation suggests, however, that the Russian agents could be searching for material that could damage the Bidens.

Adam Schiff, Chairman of the House Inteligence Committee, said:  "The Russians appear to be at it again. According to a new report, they’re hacking information that could be a prelude to more election interference in 2020."

The House of Representatives impeached Mr Trump in December for abusing the power of his office by enlisting the Ukrainian government to investigate Biden, a political rival, ahead of the 2020 election. A second charge accused Mr Trump of obstructing a congressional investigation into the matter.

Area 1 CEO Oren Falkowitz is a former National Security Agency employee. His company offers e-mail security to US politicians. In an interview on Friday, he told The Associated Press that top candidates for the US presidency and House and Senate races in 2020 have in the past few months each been targeted by about one thousand phishing emails.

Mr Falkowitz did not name the candidates. Nor would he name any clients.

Russian hackers from the same military intelligence unit that Area 1 said was behind the operation targeting Burisma have been indicted for hacking emails from the Democratic National Committee and the chairman of Hillary Clinton’s campaign during the 2016 presidential race.

Stolen emails were released online at the time by Russian agents and WikiLeaks in an effort to favour Mr Trump, special counsel Robert Mueller determined in his investigation.

Area 1 discovered the phishing campaign by the Russian military intelligence unit, known as the GRU, on New Year’s Eve, Mr Falkowitz said via e-mail.

In the report, he said the GRU agents used fake, lookalike domains in the phishing campaign designed to mimic real Burisma subsidiaries.

The cybersecurity researchers said the operation targeting Burisma used tactics, techniques and procedures that GRU agents had used repeatedly in other phishing operations. Area 1 says it has been tracking the Russian agents for several years.

Phished credentials allow attackers both to rifle through a victim’s stored email and masquerade as that person.

Area 1 said its researchers connected the phishing campaign targeting Burisma to another that targeted a media organisation founded by Ukrainian President Volodymyr Zelenskiy.

In phishing, an attacker uses a targeted email to lure a target to a fake site that resembles a familiar one. There, unwitting victims enter their usernames and passwords, which the hackers then harvest.

In this case, the Russian military agents, from a group security researchers call "Fancy Bear," peppered Burisma employees with emails designed to look like internal messages.

In order to detect phishing attacks, Area 1 maintains a global network of sensors designed to sniff out and block them before they reach their targets.

In July, the US Federal Elections Commission gave Area 1 permission to offer its services to candidates for federal elected office and political committees at the same low rates it charges non-profits.