Russian military spies have hacked a Ukrainian gas company that is at the heart of an impeachment trial of President Donald Trump, who sought last year to pressure Ukraine to investigate the company and its links to Joe Biden’s son, according to a cybersecurity firm.
Beginning in early November, the Russian spy agency known as the GRU launched a phishing campaign against Burisma Holdings to trick unsuspecting employees into giving up their email credentials so the hackers could gain access to their email accounts - once again entangling Moscow in domestic U.S. politics, according to Area 1 Security, a Redwood City, California, company.
The operation's launch coincided with a congressional impeachment inquiry into Trump and whether he abused his office by seeking to press Ukrainian President Volodymyr Zelensky into announcing a probe of Burisma and Hunter Biden - an action that conceivably would aid Trump's reelection bid.
The GRU was active in the 2016 presidential campaign, hacking the servers of the Democratic Party and Hillary Clinton's campaign chairman and releasing their emails that summer and fall. The disclosures disrupted the Democratic convention and undermined Clinton's campaign in the critical final weeks, and the U.S. intelligence community concluded that with such actions Moscow aimed to help Trump and hurt Clinton.
Trump has publicly downplayed the intelligence agencies' conclusions and has suggested that it was Ukraine, not Russia, that interfered in the 2016 election. He and his personal attorney Rudy Giuliani have promoted an unfounded theory that Joe Biden, while vice president, tried to quash a corruption investigation of Burisma to protect his son. Hunter Biden no longer is on Burisma's board.
The GRU succeeded in breaching the servers of Burisma Holdings and several subsidiaries and partners, said Oren Falkowitz, Area 1 Security's chief executive.
"The timing of the GRU's campaign in relation to the 2020 U.S. elections raises the specter that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections," Falkowitz said. Area 1 discovered the breach on Dec. 31, he said.
It was not known what material the GRU gained access to, and if any of it will be released.
The GRU also targeted a media organization founded by Zelensky, the firm said.
Phishing is the most common technique used by hackers to gain access to victims' systems. Hackers send emails impersonating employees or people trusted by the targets, who are then tricked into clicking on links that contain malware or lead to malware-laced sites, enabling the hackers to obtain the victim's email credentials.
"The success of phishing relies on authenticity," Area 1 said in a report on the incident released Monday. "The GRU has applied verisimilitude in extensive masquerading of common business tools . . . to steal account credentials, gain access to internal systems and data, impersonate employees through the unauthorized use of their accounts."
The Office of the Director of National Intelligence in the fall produced a classified "national intelligence estimate" that assessed that the Russians would seek to interfere in the 2020 election, as it had in 2016.
The GRU campaign "demonstrates that there are a lot of targets that can be attacked by those who would interfere in our elections," said Laura Rosenberger, director of the Alliance for Securing Democracy, which tracks Russian disinformation efforts. "We should expect to see more of these reports."
Moscow's efforts are aimed at undermining our elections, Rosenberger said. "The goal is to undermine our institutions," she said.
The cybersecurity firm FireEye said Monday night that the activity described in the report is consistent with that of the GRU, though the firm said it could not validate Area 1's claim that Burisma was breached.
- - -
The Washington Post’s Greg Bensinger contributed to this report.