Kyiv energy firm linked to Biden’s son ‘targeted in Russian hack’

The Guardian - - World - Andrew Roth

Russian military hackers tried to steal email usernames and passwords from the Ukrainian energy company where Hunter Biden, the son of the Democratic presidential contender Joe Biden, had a seat on the board, a US cybersecurity firm has said.

Burisma Holdings, the Kyiv-based firm targeted in the attack, was the same one that Donald Trump put pressure on Ukraine to investigate because of its business links with Biden’s son.

That effort, during which the Trump administration withheld military aid from Ukraine, has led to his impeachment by the US House of Representatives for abuse of power and obstruction of justice.

Biden is Trump’s most likely opponent in this November’s presidential election and the hacking effort has raised concerns of a repeat of the release of stolen emails that coloured the 2016 elections.

The phishing campaign against Burisma was identified by Area 1 Security, a California-based company, which also attributed the attack to the main directorate of Russian military intelligence, known as the GRU.

The phishing attacks mimicked login pages for Burisma and several sites used by subsidiaries and partners, potentially luring employees into giving up their company passwords. Those credentials could then be used to craft more sophisticated attacks.

“The attacks were successful,” Oren Falkowitz, Area 1’s chief executive, told the New York Times. “The timing of the Russian campaign mirrors the GRU hacks we saw in 2016 … Once again, they are stealing email credentials, in what we can only assume is a repeat of Russian interference.”

Area 1 said in a briefing paper that it had attributed the cyber-attack to Russian military intelligence by identifying the tactics, techniques, and procedures “used exclusively by the GRU in phishing for credentials”.

Those included the services used to register domains and the internet service providers used by the hackers. The hacking campaign also used a “specific HTTP redirect, attributed to GRU”, that sent only targeted individuals to a malicious site, Area 1 said.

It was unclear what data the hackers hoped to steal, Area 1 said. But a likely target would be communications with Hunter Biden, whose seat on Burisma’s board from 2014 to 2019 and salary have sparked controversy. Any revelations about Biden’s work would probably be used in the impeachment battle engulfing the US administration and in Trump’s quest for re-election.

Area 1 did not release details about how many employees had been tricked by the lookalike sites and it is not clear what, if any, information was stolen.
