Russians hacked company key to Ukraine scandal, researchers say

A Burisma Holdings building in Ukraine
A building listed for Esco-Pivnich, part of the Ukrainian gas company Burisma, in Kyiv, Ukraine.
(Getty Images)

A U.S. cybersecurity company says Russian military agents have successfully hacked the Ukrainian gas company at the center of the scandal that led to President Trump’s impeachment.

Russian agents launched a phishing campaign in early November to steal the login credentials of employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specializes in email security.

Hunter Biden, son of former U.S. vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma’s board.

It was not clear what the hackers were looking for or may have obtained, said Area 1’s CEO, Oren Falkowitz, who called the findings “incontrovertible” and posted an eight-page report. But the timing of the operation suggests that the Russian agents could be searching for material that is damaging to the Bidens.

The House of Representatives impeached Trump in December, alleging he abused the power of his office by enlisting the Ukrainian government to investigate Biden, a political rival, ahead of the 2020 election. A second charge accused Trump of obstructing a congressional investigation into the matter.

“Our report doesn’t make any claims as to what the intent of the hackers were, what they might have been looking for, what they are going to do with their success. We just point out that this is a campaign that’s going on,” said Falkowitz, a former National Security Agency offensive hacker whose company’s clients include candidates for U.S. federal elected offices.

In an earlier interview, he told the Associated Press that the campaigns of top candidates for the U.S. presidency and House and Senate races in 2020 have in the last few months each been targeted by about 1,000 phishing emails.

Falkowitz did not name the candidates. Nor would he name any clients.

Russian hackers from the same military intelligence unit that Area 1 said was behind the operation targeting Burisma have been indicted for hacking emails from the Democratic National Committee and the chairman of Hillary Clinton’s campaign during the 2016 presidential race.

Stolen emails were released online at the time by Russian agents and WikiLeaks in an effort to favor Trump, special counsel Robert S. Mueller III determined in his investigation.

Area 1 discovered the phishing campaign by the Russian military intelligence unit, known as the GRU, on New Year’s Eve, Falkowitz said via email.

In the report, he said the GRU agents used fake, lookalike domains in the phishing campaign designed to mimic real Burisma subsidiaries.

The cybersecurity researchers said the operation targeting Burisma used tactics, techniques and procedures that GRU agents had used repeatedly in other phishing operations. Area 1 says it has been tracking the Russian agents for several years.

Phished credentials allow attackers both to rifle through a victim’s stored email and masquerade as that person.

Area 1 said its researchers connected the phishing campaign targeting Burisma to another that targeted a media organization founded by Ukrainian President Volodymyr Zelensky.
