By: Denise Simon | Founders Code
Someone alert Tucker Carlson that Russia is still inside our political system.
As just reported by Area 1, a California-based company, the hacking began when the whole Burisma scandal broke last fall during the impeachment hearings.
Hackers believed to be affiliated with Russia’s military breached the Ukrainian gas company where former Vice President Joe Biden’s son had served on the board as it became a focus of the impeachment inquiry into President Trump, according to a U.S. cybersecurity firm.
Attempts to hack into Burisma Holdings began last November, as Congress was holding hearings into whether Mr. Trump abused his office by pressuring his Ukrainian counterpart to work with his personal lawyer, Rudy Giuliani, to investigate Mr. Biden and his son, Hunter, according to research published Monday by Area 1, a California-based company.
The hacking attempts are ongoing and are linked to the Russian military intelligence unit previously known as the GRU, which hacked and leaked Democratic emails during the 2016 presidential election, Area 1 said.
The Russian Embassy in Washington didn’t immediately respond to a request for comment. Russia has historically denied hacking into U.S. elections.
It wasn’t known what information the hackers were seeking or what they obtained, the firm said. In at least one instance, the hackers tricked the recipient of a phishing email into sharing login credentials that gave them access to Burisma’s servers, the company said. Area 1’s findings were earlier reported by the New York Times.
Messrs. Trump and Giuliani have argued, without evidence, that Mr. Biden’s anti-corruption push in Ukraine was designed to head off any investigation of Burisma. Both Bidens have denied wrongdoing and said they never discussed business in Ukraine.
Area 1’s documentation is found here.
In part from the preface of the report:
Like all phishing campaigns, we observe the GRU was successful because they found ways to appear authentic to their targets, rather than using any technical sophistication. Everything about their approach is technically unremarkable, yet highly effective. In this campaign the GRU combines several different authenticity techniques to achieve success:
- Domain-based authenticity
- Business process and application authenticity
- Partner and supply chain authenticity
A key aspect of cyberattack preemption is having a deep understanding of cyber actor patterns and continually discovering and deconstructing campaigns to anticipate future ones. Our report is not noteworthy because we identify the GRU launching a phishing campaign, nor is the targeting of a Ukrainian company particularly novel. It is significant because Burisma Holdings is publicly entangled in U.S. foreign and domestic politics. The timing of the GRU’s campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections.
Area 1 Security has correlated this campaign against Burisma Holdings with specific tactics, techniques, and procedures (TTPs) used exclusively by the GRU in phishing for credentials. Repeatedly, the GRU uses Ititch, NameSilo, and NameCheap for domain registration; MivoCloud and M247 as Internet Service Providers; Yandex for MX record assignment; and a consistent pattern of lookalike domains.
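As an added example, not code from Area 1’s report or from this post, the small Python triage script below applies the pattern quoted above from a defender’s side: it flags candidate domains whose label imitates a protected domain (digit and letter-pair substitutions, TLD swaps, the brand name embedded in a longer name) and records whether the registrar or MX host matches the infrastructure the report names. The protected domain example-corp.com, the registrar name RegistrarA and the sample records are constructed placeholders, not indicators from the report.

```python
"""Flag domains that imitate a protected domain and match the registrar/MX pattern
the report describes (constructed sample data, not indicators from the report)."""
WATCHED_REGISTRARS = {"ititch", "namesilo", "namecheap"}  # registrars named in the report
WATCHED_MX_SUFFIX = ".yandex.net"                          # Yandex-hosted mail
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})  # digit lookalikes
PAIRS = {"rn": "m", "vv": "w"}                                              # two-letter lookalikes
def normalize(label):
    """Collapse common substitutions so 'examp1e-c0rp' equals 'example-corp'."""
    label = label.lower().replace("-", "")
    for src, dst in PAIRS.items():
        label = label.replace(src, dst)
    return label.translate(SINGLE)
def edit_distance(a, b):  # plain Levenshtein distance via dynamic programming
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]
def is_lookalike(candidate, protected):
    """True if the candidate's registrable label imitates the protected domain."""
    cand, prot = candidate.lower().split("."), protected.lower().split(".")
    if len(cand) < 2 or cand == prot:
        return False                 # malformed name, or the real domain itself
    if prot[-2] in candidate.lower():
        return True                  # brand label embedded (TLD swap, subdomain)
    n_cand, n_prot = normalize(cand[-2]), normalize(prot[-2])
    return n_cand == n_prot or edit_distance(n_cand, n_prot) <= 1
def assess(record, protected):  # reasons a WHOIS/DNS record matches the reported TTP pattern
    reasons = []
    if is_lookalike(record["domain"], protected):
        reasons.append("lookalike-domain")
    if record.get("registrar", "").lower() in WATCHED_REGISTRARS:
        reasons.append("watched-registrar")
    if any(mx.lower().rstrip(".").endswith(WATCHED_MX_SUFFIX) for mx in record.get("mx", [])):
        reasons.append("yandex-mx")
    return reasons

SAMPLE_RECORDS = [  # constructed; 'example-corp.com' stands in for the protected domain
    {"domain": "example-corp.com", "registrar": "RegistrarA", "mx": ["mx1.example-corp.com."]},
    {"domain": "examp1e-corp.com", "registrar": "NameSilo", "mx": ["mx.yandex.net."]},
    {"domain": "unrelated-site.org", "registrar": "NameCheap", "mx": ["mx.yandex.net."]},
]

def triage(records, protected="example-corp.com"):
    """Alert only on lookalikes that also show at least one infrastructure signal."""
    return {r["domain"]: rs for r in records
            if "lookalike-domain" in (rs := assess(r, protected)) and len(rs) > 1}
```

A registrar or Yandex MX alone is a weak signal (plenty of legitimate domains share them), which is why triage() alerts only when the name itself imitates the protected domain.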
Special Counsel Robert Mueller indicted seven officers with the G.R.U. in 2018.