Kyiv energy firm linked to Biden’s son ‘targeted in Russian hack’
Russian military hackers tried to steal email usernames and passwords from the Ukrainian energy company where Hunter Biden, the son of the Democratic presidential contender Joe Biden, had a seat on the board, a US cybersecurity firm has said.
Burisma Holdings, the Kyiv-based firm targeted in the attack, was the same one that Donald Trump put pressure on Ukraine to investigate because of its business links with Biden’s son.
That effort, during which the Trump administration withheld military aid from Ukraine, has led to Trump’s impeachment by the US House of Representatives for abuse of power and obstruction of justice.
Biden is Trump’s most likely opponent in this November’s presidential election and the hacking effort has raised concerns of a repeat of the release of stolen emails that coloured the 2016 elections.
The phishing campaign against Burisma was identified by Area 1 Security, a California-based company, which also attributed the attack to the main directorate of Russian military intelligence, known as the GRU.
The phishing attacks mimicked login pages for Burisma and several sites used by subsidiaries and partners, potentially luring employees into giving up their company passwords. Those credentials could then be used to craft more sophisticated attacks.
“The attacks were successful,” Oren Falkowitz, Area 1’s chief executive, told the New York Times. “The timing of the Russian campaign mirrors the GRU hacks we saw in 2016 … Once again, they are stealing email credentials, in what we can only assume is a repeat of Russian interference.”
Area 1 said in a briefing paper that it had attributed the cyber-attack to Russian military intelligence by identifying the tactics, techniques, and procedures “used exclusively by the GRU in phishing for credentials”.
Those included the services used to register domains and the internet service providers used by the hackers. The hacking campaign also used a “specific HTTP redirect, attributed to GRU”, that sent only targeted individuals to a malicious site, Area 1 said.
It was unclear what data the hackers hoped to steal, Area 1 said. But a likely target would be communications with Hunter Biden, whose seat on Burisma’s board from 2014 to 2019 and salary have sparked controversy. Any revelations about Biden’s work would probably be used in the impeachment battle engulfing the US administration and in Trump’s quest for re-election.
Area 1 did not release details about how many employees had been tricked by the lookalike sites and it is not clear what, if any, information was stolen.