Russia’s GRU hacks Ukraine gas firm Burisma: US cyber report
It was unclear what the hackers were looking for or what they obtained, the security company said.
Democratic presidential hopeful Joe Biden’s son Hunter Biden was previously on the film’s board.
Area 1 blamed the “phishing” attack on Russia’s notorious military intelligence operation, Russia’s Main Directorate of Military Intelligence or GRU.
Trump was impeached last month over allegations he pressured Ukrainian president, Volodymyr Zelenskiy, to launch a probe into Burisma to find incriminating evidence about the Bidens.
Hunter Biden, the former vice president’s son, has faced criticism for accepting a position on Burisma’s board of directors. When Hunter Biden joined the Burisma in 2014, his father was leading US policy on Ukraine. The Bidens have not been accused of doing anything illegal but Hunter’s position presented a potential conflict of interest.
California-based Area 1 compared the hacking operation to that carried out against the Democratic Party ahead of the 2016 US presidential election, that Trump “won”, despite receiving millions fewer votes.
The eight-page Area 1 study said: “Our report is not noteworthy because we identify the GRU launching a phishing campaign, nor is the targeting of a Ukranian company particularly novel. It is significant because Burisma Holdings is publically entangled in US foreign and domestic politics.”
The security firm said the GRU hackers, known as “Fancy Bear”, used “phishing” emails designed to steal usernames and passwords. It is unclear what the hackers were after.
Burisma employees were sent fake internal emails and bogus websites that looked like the sign-in pages for the gas firm’s subsidiaries.
Area 1 said it found “decoy domains” for the bogus websites.
Area 1’s report said the GRU targeted two subsidiaries of Burisma – KUB Gas and Esko Pivnich – and CUB Energy, which was affiliated with Burisma, using lookalike domains intended to trick staff into inputting email passwords.
It said GRU operatives also registered fake domains for a Ukrainian media company, Kvartal 95, in March and April 2019. Kvartal 95 was founded by Zelenskiy and many members of staff at the broadcaster have subsequently joined his administration.
Area 1 said the timing of the GRU’s campaign in relation to this year’s US election raised the spectre that this was an early warning of what Americans should expect since the successful cyberattacks undertaken during the 2016 US election.
The security firm said it was “100 per cent certain” that the GRU was responsible for the hack.
There was no comment from Kvartal 95, Russia, the US or Burisma.
Ukrainian president, Volodymyr Zelenskiy, with Donald Trump in September 2019. Picture credit: Wikimedia