Russians hacked Ukrainian company Burisma, Zone 1 report says
WASHINGTON – A computer security firm reported on Monday that Russian hackers had sought access to the Ukrainian gas company at the heart of the impeachment inquiry against President Donald Trump, and House Democrats warned the move threatened to interfere with the 2020 elections.
Area 1 Security, a Californian company Focused on email security, reported that members of Russian military intelligence known as GRU launched a campaign in early November to steal email credentials from workers at Burisma Holdings.
The eight page report does not say what information, if any, the GRU obtained or what it was looking for. The firm did not speculate on the motivations of the GRU either. But the target and timing of the apparent hack, which occurred amid a presidential race and House impeachment inquiry against Trump, quickly raised Democrats’ fear that Russia was using similar hacking to interfere in the 2020 presidential election.
Hunter Biden, the son of Democratic leader and former Vice President Joe Biden, served on Burisma’s board of directors. Trump’s July 2019 call with Ukraine, in which he urged the country’s president to investigate the Bidens and Burisma, led to the House impeachment inquiry. But Trump has said his goal is to fight corruption in Ukraine and that he expects to be exonerated in the ongoing Senate trial.
US officials have discredited the accusations on Ukraine and the Bidens as conspiracy theories.
FBI Director Christopher Wray said there was no evidence Ukraine interfered in the 2016 election. Fiona Hill, a former National Security Council official, said during the investigation impeachment charges against Ukraine are Russian propaganda.
Kurt Volker, former US special representative to Ukraine, said it was not credible that Joe Biden was “influenced in any way by financial or personal reasons in the performance of his duties as vice-president”.
Andrew Bates, spokesperson for Biden’s 2020 campaign, said the Burisma hack illustrated that Russia was seeking to meddle in the campaign to help Trump.
“Donald Trump tried to coerce Ukraine into lying about Joe Biden and a big bipartisan international victory against corruption because he admitted he couldn’t beat the vice president,” Bates said . “Now we know that Vladimir Putin also sees Joe Biden as a threat. Any American president who has not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections.”
The cyberattack on Burisma involved phishing, an effort in which hackers mimic legitimate organizations to trick targets into leaking email passwords and other information, according to the Zone 1 report.
Blake Darche, co-founder and chief security officer of Area 1, said his company was certain that the phishing campaign, which involved the theft of email credentials from employees of Burisma and its subsidiaries and partners, had been orchestrated by the GRU.
“We have been following this attacker for five years. Our attributions for this attack are 100% accurate,” said Darche. “Zone 1 security has several data points on it. We know it’s GRU.”
On the ground in Ukraine:Trump’s conspiracy theories thrive in Ukraine, where young democracy fights corruption and mistrust
Darche said his company correlated its findings with indictments against GRU members in 2018. Former special advocate Robert Mueller indicted 12 Russian military intelligence officers for hacking into Democratic political organizations as part of a larger plan to interfere in the 2016 presidential election.
Stuart Madnick, director of cybersecurity at the Massachusetts Institute of Technology who reviewed the Zone 1 report, said there is good evidence, including tensions between Russia and Ukraine, to believe the GRU is the guilty. But he warns that it is difficult to trace the origin of cyber attacks and that knowledgeable hackers tend to spread evidence to blame another country.
“This is the game they all play.… I have no evidence that it is not the Russians. There are a lot of clues about the Russians. (But) people are reusing guns everywhere,” he said. Madnick said. “I have no evidence to contradict (the findings in Area 1). I am just giving this as a caveat.”
The apparent cyberattack on Burisma worried House Democrats, who cited Russia’s earlier efforts.
House Speaker Nancy Pelosi, D-Calif., Said the hacking reports deserved urgent action to protect the integrity of the 2020 election.
“The alarming reports that the Russian government continues to interfere in our elections for the president’s benefit and to undermine our democracy highlight the urgent need for action,” Pelosi said in a statement. “Congress needs to be made aware of what the administration knows about this attack and why the president does not have a plan to protect our elections.”
House Judiciary Committee Chairman Jerry Nadler, DN.Y., told reporters the Burisma hack was proof the Russians were trying to help Trump again.
“We know the Russians wanted Donald Trump elected the last time and they actively supported him,” Nadler said. “We know the president tried to get foreign aid, tried to extort foreign aid for the next election campaign. And it looks like the Russians are trying to open up again.
“The Russians seem to be starting over” House Intelligence Committee Chairman Adam Schiff, D-Calif., Said in a tweet. “They’re hacking information that could be the prelude to more election interference in 2020, according to a new report. And again, this appears to be aimed at helping Trump. We must reject foreign interference.
Former Secretary of State and Democratic presidential candidate Hillary Clinton posted a similar tweet, request, “Will the Russians help us choose our (president) again?”
House Homeland Security Committee Chairman Bennie Thompson, D-Miss., Said the 2016 election showed how far the Russians would be willing to interfere with the US election and warned that interference could get worse this year.
“If correct, the reports show how far the Russian government will do anything to help the president get re-elected and undermine our democracy,” Thompson said.
The House impeached Trump over articles accusing him of abuse of power and obstruction of Congress. Trump is accused of urging Ukraine to investigate its political rival while withholding $ 391 million in military aid in the country, then defying congressional subpoenas during the investigation.
Darche said his company discovered the phishing campaign as part of its day-to-day operations, which involved collecting different types of cyberattack data. The campaign searched for email credentials by sending messages from malicious computer domains that appeared similar to legitimate sources, according to the report.
The attackers targeted multiple email accounts within Burisma and its subsidiaries, which allowed them to access emails on the same server. Darche declined to provide further details, including who owned the targeted email accounts or what their positions were within Burisma. He also did not say whether his company contacted or spoke to anyone in Burisma about the hack.
The Russians embarked on a similar strategy in 2016, when they gained access to emails from Democratic campaign officials. One of the targets was John Podesta, the campaign manager for Democratic presidential candidate Hillary Clinton, whose emails were hacked and published.
In its report, Area 1 drew parallels with other phishing campaigns allegedly orchestrated by the GRU against liberal philanthropist George Soros and American political organizations. The report says the attacks, like the one against Burisma, involved the use of similar-looking malicious domains.
The report also briefly mentions a similar phishing campaign against a media company founded by Ukrainian President Volodymyr Zelensky. Darche said the GRU started targeting the company in Ukraine’s 2019 presidential election. He said the campaign became more aggressive as Zelensky began to emerge as a frontrunner.
“All cyber actors have goals and they determine what works to ensure their success with the least amount of resistance,” the Zone 1 report states.
Contribution: Nicholas Wu