Russian military hackers have successfully infiltrated the Ukrainian gas company at the heart of the impeachment drama surrounding President Donald Trump, former Vice President Joe Biden and his family, according to cybersecurity researchers.
Employees of the gas company, Burisma Holdings, were tricked into giving up their computer credentials by a sophisticated network of fake websites set up by Russian military intelligence, the GRU, said Area 1, an online security firm.
The websites were designed to look and feel like the same ordinary work products that Burisma employees would access on a daily basis, said Area 1 in its report.
The New York Times was the first to report the hack, and noted the attempts began in early November, as the Bidens, Ukraine and impeachment were dominating the news in the United States while the House impeachment hearings were underway.
CNN has reached out to the Russian Embassy in Washington for comment but has not yet received a response.
It is unclear what information the hackers sought or how deeply Burisma may have been compromised. A cybersecurity expert speaking to CNN about the situation said this was likely not the first time Russian operators have hacked Burisma, adding that Russian hackers are very aggressive in their cyberefforts inside Ukraine.
But in light of Burisma’s role in the unfolding political saga — in which Trump pushed Ukrainian officials to investigate Biden and his son, Hunter, who had served on Burisma’s board — the probing of the company’s systems closely resembles Russian efforts in 2016 to destabilize the US election.
“The timing of the GRU’s campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections,” said the report.
In a statement, Biden’s presidential campaign said the incident “proves that both Donald Trump and Vladimir Putin understand the true stakes of this election.”
“Now we know that Vladimir Putin also sees Joe Biden as a threat. Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections,” Biden spokesman Andrew Bates said.
Area 1 monitors the internet for so-called “phishing” attacks. It was founded in 2013 by two former National Security Agency officials and a computer scientist.
Oren Falkowitz, the company’s co-founder and CEO, told CNN in an interview that Area 1 has been tracking the GRU for some time.
“We’ve been able to definitively link it based on patterns consistent from this campaign with many others,” he said.
Asked whether he had notified Burisma of the Russian campaign, Falkowitz acknowledged that the company had made a “series of disclosures.” He declined to comment on “who we spoke with prior to releasing, but it was consistent with responsible standards.”
This story has been updated to include reaction from Biden’s campaign.