Russia Hacked Ukrainian Company Linked To Trump Impeachment, Security Firm Says
Russian hackers recently targeted the Ukrainian gas company that was at the heart of President Trump's impeachment — and they succeeded in gaining access to its email accounts, according to California cybersecurity firm Area 1 Security. The alleged attack came months after Trump urged Ukraine to investigate Joe Biden's son, Hunter, who served on the board of Burisma Holdings.
"What we've uncovered is that the same Russian cyber actors who targeted the DNC in 2016 have been actively launching a phishing campaign against employees of Burisma Holdings and its subsidiaries, to try to steal their email usernames and passwords," Area 1 co-founder Oren Falkowitz tells NPR's Noel King.
Trump's push for a corruption inquiry into the son of a political rival resulted in him being impeached on charges of abuse of power and obstruction. But shortly after the House of Representatives formalized its impeachment inquiry on Oct. 31, hackers linked to Russia's government sprang into action in early November.
The hacking operation was the work of the GRU, the Russian military spy agency, according to Area 1, which has published its findings online. The firm says Russia's hackers sent seemingly legitimate emails pointing to malicious websites that looked like authentic Burisma sites, to dupe employees into sharing private login information.
The ploy worked, Falkowitz says: "What we know is that they're able to access the usernames and passwords for the employees of Burisma. And from there, they're able to see likely what's in those accounts."
The vast majority of cyberattacks begin with a phishing campaign, Area 1 says. In addition to the Russian attack on the Democratic National Committee's systems, one of the most damaging recent cyberattacks began with a spear-phishing email sent to Hillary Clinton's campaign chair John Podesta. That email instructed Podesta to click a special link to pick out a new password for his Google email account – a process the hackers then monitored, giving them full access to his account.
"Once you have the usernames and passwords for an employee's email account, there's quite a lot that can be done," Falkowitz says. "You can observe all of the data that's contained within [their] email. You can also launch further phishing campaigns — and you can use that data to do quite a lot to move throughout the company's networks."
In recent years, the GRU's hackers have been both very busy and extremely disruptive, attacking a variety of high-profile targets with the goal of revealing embarrassing information.
"The GRU has been linked to cyberattacks at the Democratic National Committee in 2016 and the compromise of the World Anti-Doping Agency," Area 1 says. "The GRU has also been linked to the targeting of European foreign ministries and defense agencies, campaigns for the 2018 U.S. midterm elections, FIFA, and Westinghouse."
Area 1 says it also linked the GRU phishing campaign against Burisma to another phishing attack targeting a company founded by Ukrainian President Volodymyr Zelensky – whose conversation with Trump last summer sparked calls to impeach the U.S. president.
Trump has previously asked Russia to help his political campaign – most famously just months before the 2016 vote.
"Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing" from Clinton's email servers, Trump said on July 27, 2016.
According to indictments secured by Justice Department special counsel Robert Mueller, Russian military officers began attacking the Clinton campaign and other Democratic targets that same day.
[Copyright 2020 NPR]