The Ukrainian gas company at the center of President Trump’s impeachment scandal has reportedly been breached by Russian military hackers. Area 1 Security, a Silicon Valley company that specializes in e-mail security, has published an eight-page report detailing how the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) launched an ongoing phishing campaign against employees of Burisma Holdings and its partners and subsidiaries in early November 2019. The hack was reportedly successful.
Area 1 researchers discovered a GRU phishing campaign against Ukrainian companies on New Year’s Eve. All of the Ukrainian targets were subsidiaries of Burisma Holdings, including KUB-Gas, Aldea, Esko-Pivnich, Nadragas, Tehnocom-Service, and Pari. The hackers set up fake websites and blasted Burisma employees with emails made to look as if they came from inside the company. Some employees were fooled into handing over their login credentials.
The tactics are strikingly similar to Russia’s alleged hacking of the Democratic National Committee during the 2016 presidential campaign. Oren J. Falkowitz, chief executive officer of Area 1 Security, said, “The Burisma hack is a cookie-cutter GRU campaign. Russian hackers, as sophisticated as they are, also tend to be lazy. They use what works. And in this, they were successful.”
It is not yet clear what the hackers found, or precisely what they were searching for. Security experts suggest the hackers may have been looking for damaging information on Joe Biden. President Trump is facing an impeachment trial over his efforts to pressure Ukraine to investigate Burisma, former Vice President Joseph R. Biden Jr., and his son Hunter Biden, who served on Burisma’s board. Hunter Biden resigned from the company when his father officially announced his candidacy for president in April 2019.