Advertisement
  1. News
  2. /
  3. Nation & World

Russians hacked company key to Ukraine scandal: researchers

Russian agents launched a phishing campaign in early November to steal the login credentials of employees of gas company, Burisma Holdings.
President Donald Trump walks along the colonnade of the White House in Washington, Monday, Jan. 13, 2020. A U.S. cybersecurity company says Russian military agents successfully hacked the Ukrainian gas company at the center of the scandal that led to President Donald Trump's impeachment. [SUSAN WALSH  |  AP]
President Donald Trump walks along the colonnade of the White House in Washington, Monday, Jan. 13, 2020. A U.S. cybersecurity company says Russian military agents successfully hacked the Ukrainian gas company at the center of the scandal that led to President Donald Trump's impeachment. [SUSAN WALSH | AP]
Published Jan. 14
Updated Jan. 14

BOSTON — A U.S. cybersecurity company says Russian military agents have successfully hacked the Ukrainian gas company at the center of the scandal that led to President Donald Trump’s impeachment.

Russian agents launched a phishing campaign in early November to steal the login credentials of employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specializes in e-mail security.

Hunter Biden, son of former U.S. vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma's board.

It was not clear what the hackers were looking for or may have obtained, said Area 1′s CEO, Oren Falkowitz, who called the findings “incontrovertible” and posted an eight-page report. But the timing of the operation suggests that the Russian agents could be searching for material damaging to the Bidens.

The House of Representatives impeached Trump in December for abusing the power of his office by enlisting the Ukrainian government to investigate Biden, a political rival, ahead of the 2020 election. A second charge accused Trump of obstructing a congressional investigation into the matter.

“Our report doesn't make any claims as to what the intent of the hackers were, what they might have been looking for, what they are going to do with their success. We just point out that this is a campaign that's going on,” said Falkowitz, a former National Security Agency offensive hacker whose company's clients include candidates for U.S. federal elected offices. In an earlier interview, he told The Associated Press that top candidates for the U.S. presidency and House and Senate races in 2020 have in the past few months each been targeted by about a thousand phishing emails.

Falkowitz did not name the candidates. Nor would he name any clients.

Russian hackers from the same military intelligence unit that Area 1 said was behind the operation targeting Burisma have been indicted for hacking emails from the Democratic National Committee and the chairman of Hillary Clinton's campaign during the 2016 presidential race.

Stolen emails were released online at the time by Russian agents and WikiLeaks in an effort to favor Trump, special counsel Robert Mueller determined in his investigation.

Area 1 discovered the phishing campaign by the Russian military intelligence unit, known as the GRU, on New Year’s Eve, said Falkowitz, who would not discuss whom he notified prior to going public. He said he followed the industry-standard process of responsible disclosure, which would include notifying Burisma.

In the report, he said the GRU agents used fake, lookalike domains in the phishing campaign that were designed to mimic the sites of real Burisma subsidiaries.

Falkowitz said the operation targeting Burisma involved tactics, techniques and procedures that GRU agents had used repeatedly in other phishing operations, matching “several patterns that lots of independent researchers agree mimic this particular Russian actor.” Area 1 says it has been tracking the Russian agents for several years.

The discovery's timing — just weeks before presidential primaries begin in the United States — highlights the need to protect political campaigns from targeted phishing attacks, which are behind 95 percent of all information breaches, said Falkowitz.

“This is a real specific, timely case that has real implications," he said. "To discover it and potentially get out in front of it is a significant departure from what's typical in the cyber security community, where someone just tells you, yeah, you're dead.”

In phishing, an attacker uses a targeted email to lure a target to a fake site that resembles a familiar one. There, unwitting victims enter their usernames and passwords, which the hackers then harvest. Phished credentials allow attackers both to rifle through a victim's stored email and masquerade as that person.

Area 1 said its researchers connected the phishing campaign targeting Burisma to an effort earlier last year that targeted Kvartal 95, a media organiza tion founded by Ukrainian President Volodymyr Zelenskiy.

In this case, the Russian military agents, from a group security researchers call "Fancy Bear," peppered Burisma employees with emails designed to look like internal messages.

In order to detect phishing attacks, Area 1 maintains a global network of sensors designed to sniff out and block them before they reach their targets.

In July, the U.S. Federal Elections Commission gave Area 1 permission to offer its services to candidates for federal elected office and political committees at the same low rates it charges non-profits.

ALSO IN THIS SECTION

  1. La iglesia católica de la Inmaculada Concepción tuvo fuertes daños tras el fuerte sismo del sábado 11 de enero de 2020 porque había quedado resentida de otro sismo previo en Guanica, Puerto Rico. (AP Foto/Carlos Giusti) [CARLOS GIUSTI  |  AP]
    The U.S. Geological Survey said the quake occurred at a depth of eight miles (13 kilometers) around the southern coastal town of Guayanilla, located close to the epicenters of most of the recent...
  2. President Donald Trump points to the crowd as he arrives to speak during the annual "March for Life" rally on the National Mall, Friday, Jan. 24, 2020, in Washington. (AP Photo/ Evan Vucci) [EVAN VUCCI  |  AP]
    As the Democratic primary intensifies before the first contests to decide the nominee, Trump and his allies have issued a series of curiously favorable comments about Sanders.
  3. In this image from video, House impeachment manager Rep. Adam Schiff, D-Calif., speaks during the impeachment trial against President Donald Trump in the Senate at the U.S. Capitol in Washington, Friday, Jan. 24, 2020. [AP]
    As Democrats finished their third day before skeptical Republican senators, Trump’s legal team prepared to start his defense, expected on Saturday.
  4. In this July 30, 2019, file photo, a Super Mario figure is displayed at a showroom in Tokyo. After months of being tight-lipped, Comcast executives on Thursday, Jan. 23, 2020, said the fourth park at Universal Orlando would be based on characters from Nintendo. [KOJI SASAHARA  |  AP]
    Universal Studios is building theme parks based on Nintendo video games across the world. Orlando is set to get its Super Nintendo World in 2023.
  5. People climbing the Sydney Harbour Bridge stop under flags flying at half-mast as mark of mourning and respect in Sydney, Australia, Friday, Jan. 24, 2020, for three U.S. crew members of an aerial water tanker that crashed Thursday while battling wildfires in Australia. [RICK RYCROFT  |  AP]
    The deaths came during an unprecedented wildfire season that has left a large swath of destruction in Australia’s southeast.
  6. In this image from video, House impeachment manager Rep. Adam Schiff, D-Calif., holds redacted documents as he speaks during the impeachment trial against President Donald Trump in the Senate at the U.S. Capitol in Washington, Wednesday. (Senate Television via AP) [AP]
    Prosecutors made an expansive case that Trump abused power like no other president in history.
  7. Health Officials in hazmat suits check body temperatures of passengers arriving from the city of Wuhan Wednesday, at the airport in Beijing, China. Nearly two decades after the disastrously-handled SARS epidemic, China’s more-open response to a new virus signals its growing confidence and a greater awareness of the pitfalls of censorship, even while the government is as authoritarian as ever. (AP Photo Emily Wang) [EMILY WANG  |  AP]
    The CDC said the risk to the U.S. public remains low but it’s likely more cases will be diagnosed in the coming days.
  8. In this Oct. 23, 2016, file photo, a New Orleans Saints helmet rests on the playing field before an NFL football game in Kansas City, Mo. The Saints are going to court to keep the public from seeing hundreds of emails that allegedly show team executives doing public relations damage control for the area's Roman Catholic archdiocese to help it contain the fallout from a burgeoning sexual abuse crisis. (AP Photo/Jeff Roberson, File) [JEFF ROBERSON  |  AP]
    Saints attorneys disputed any suggestion that the team helped the church cover up crimes, calling such claims “outrageous.”
  9. Staff move bio-waste containers past the entrance of the Wuhan Medical Treatment Center, where some infected with a new virus are being treated, in Wuhan, China, Wednesday, Jan. 22, 2020. The number of cases of a new coronavirus from Wuhan has risen over 400 in China Chinese health authorities said Wednesday. (AP Photo/Dake Kang) [DAKE KANG  |  AP]
    On the eve of the Lunar New Year, transportation was shut down in at least 13 cities home to more than 36 million people.
  10. Actress Annabella Sciorra arrives as a witness in Harvey Weinstein's  rape trial, in New York, Thursday. (AP Photo/Richard Drew) [RICHARD DREW  |  AP]
    Annabella Sciorra became the first of Weinstein’s accusers to testify at the trial of the movie mogul whose downfall gave rise to the #MeToo movement.
Advertisement
Advertisement
Advertisement