WASHINGTON (Reuters) – Russian military hackers attempted to steal emails from the Ukrainian energy company where Hunter Biden, son of Democratic presidential contender Joe Biden, had a spot on the board, a US cybersecurity company said Monday.
The energy company Burisma Holdings Ltd was at the center of attempts by the president of the United States, Donald Trump, last July to pressure the Ukrainian authorities to announce an investigation into the Bidens for alleged corruption, an effort that has led the House of Representatives of the United States to bring charges of abuse of power and obstruction of Congress against the Republican.
California-based Area 1 Security identified the hacking of Burisma and linked it to the Russian Military Intelligence Directorate, or GRU. The same group of hackers, known as “Fancy Bear” by cybersecurity researchers, breached the Democratic National Committee in 2016 in what American researchers described as part of an operation to disrupt the elections that year.
“You can see that this attack is really starting to be parallel to what we saw in 2016,” said Oren Falkowitz, executive director of Area 1, in an interview.
The Russian Ministry of Defense did not immediately respond to a request for comment. Officials at the U.S. National Security Agency and the Department of Homeland Security declined to comment.
Burisma did not immediately respond to a request for comment.
A source close to Burisma told Reuters that the company’s website had been subject to multiple intrusion attempts in the last six months, but did not provide further details.
What data the hackers sought to steal is unclear, Area 1 said. A breach of Burisma could yield communications from, to or about Hunter Biden, who served as director between 2014 and 2019. A leak of stolen data could affect the impeachment process and the electoral contest in the United States.
Area 1 said it became aware of the Russian attacks on Burisma after its email security scanning product found suspicious evidence online, including “decoy domains,” websites designed to mimic legitimate email services used by the subsidiaries of Burisma.
Publicly available domain registration records examined by Reuters show that the hackers created the decoy domains between November 11, the day before U.S. Democrats began their first public impeachment hearings, and December 3, the day before the House Judiciary Committee took up the issue.
Records show that the same people also registered fake domains for a Ukrainian media company, called Kvartal 95, in March and April 2019. Kvartal 95 was founded by Ukrainian President Volodymyr Zelenskiy and several station employees have joined his administration.
Kvartal 95 and Zelenskiy representatives did not immediately respond to requests for comment.
The Area 1 report said it discovered that the GRU had targeted two Burisma subsidiaries, KUB Gas LLC and Esko Pivnich, as well as CUB Energy Inc, which was affiliated with the firm, using lookalike domains intended to trick employees into providing their email passwords.
Burisma and its subsidiaries share the same email server, Area 1 said, which means that a breach at any of the companies could expose them all.
The report gave a limited indication of how Area 1 determined that the lookalike domains were the work of the GRU, primarily pointing to similarities in how the hackers had previously set up their digital traps. The co-founder of Area 1, Blake Darche, said unpublished data collected by his firm linked the operation to a specific officer in Moscow, whose identity he could not establish.
But Darche said “we are 100 percent sure” that the GRU was behind the hacking.
An external investigator, Kyle Ehmke, of the Virginia-based cybersecurity firm ThreatConnect, who reviewed the malicious domains flagged by Area 1, said that, according to the information he had seen, he believed “with moderate confidence” that the websites were designed by the GRU.
Ehmke said the hacking operation against Burisma used tools and methods consistent with the Russian hackers associated with the GRU, but that a complete picture was lacking.
Russian spies have routinely targeted Ukrainian energy companies with cyberattacks since Russia supported a separatist takeover in eastern Ukraine in 2014.
Andrew Bates, a spokesman for Joe Biden, did not comment directly on the attack, but said in an email: “Any American president who has not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections.”
U.S. intelligence officials have issued warnings that Russia is working to intervene in the November 2020 elections. Trump is seeking re-election, and Biden is a potential opponent among a dozen Democrats seeking their party’s nomination.
Trump denies having done anything wrong by asking Ukrainian officials to investigate Hunter Biden’s relationship with Burisma. There has been no evidence of irregularities by the Bidens, who reject Trump’s accusations of corruption, and officials of Trump’s administration have rebuked his claims about them.
Reporting by Christopher Bing and Raphael Satter; additional reporting by Polina Ivanova in Kiev, Ukraine; editing by Chris Sanders, Grant McCool and Gerry Doyle