Date: 2020-01-14

BOSTON (AP) – An American cybersecurity firm claims that Russian military agents successfully hacked the Ukrainian gas company at the center of the scandal that led to the impeachment of President Donald Trump.

According to Area 1 Security, a Silicon Valley company specializing in email security, Russian agents launched a phishing campaign in early November to steal login information from employees of Burisma Holdings, the gas company.

Hunter Biden, son of former US vice president and Democratic presidential candidate Joe Biden, previously served on the board of Burisma.

It was unclear what the hackers were looking for or could have gotten, said Area 1 CEO Oren Falkowitz, who called the findings “must have” and published an eight-page report. But the timing of the operation suggests that Russian agents may be looking for material harmful to the Bidens.

The House of Representatives impeached Trump in December for abusing the power of his office by enlisting the Ukrainian government to investigate Biden, a political rival, before the 2020 election. A second charge accused Trump of obstructing Congress' investigation of the matter.

“Our report makes no statement as to the intent of the pirates, what they might have been looking for, what they are going to do with their success. We just point out that this is a campaign that is continuing,” said Falkowitz, a former National Security Agency offensive hacker whose clients include candidates in U.S. federal elections. In a previous interview, he told The Associated Press that the top candidate campaigns for the U.S. presidency and the House and Senate races in 2020 had each been targeted in the past few months by about a thousand phishing emails.

Falkowitz did not name the candidates. He would not name clients either.

Russian hackers from the same military intelligence unit that Area 1 said was behind the Burisma operation have been charged with hacking emails from the Democratic National Committee and the chairman of Hillary Clinton's campaign during the 2016 presidential race.

The stolen emails were published online at the time by Russian agents and WikiLeaks in an effort to favor Trump, special counsel Robert Mueller determined in his investigation.

Area 1 discovered the phishing campaign of the Russian military intelligence unit, known as the GRU, on New Year's Eve, said Falkowitz, who would not discuss whom he notified before going public. He said he had followed the standard industry responsible disclosure process, which would include notification to Burisma.

In the report, he said that GRU agents used fake lookalike domains in the phishing campaign, designed to mimic the sites of real Burisma affiliates.

Falkowitz said the Burisma operation involved tactics, techniques and procedures that GRU agents had repeatedly used in other phishing operations, corresponding to “several models that many independent researchers agree to imitate this particular Russian actor.” Area 1 says it has followed Russian agents for several years.

The timing of the discovery – just weeks before the start of the presidential primaries in the United States – highlights the need to protect political campaigns from targeted phishing attacks, which are responsible for 95% of all information breaches, said Falkowitz.

“This is a concrete and timely case with real implications,” he said. “Finding it and potentially stepping out in front of it is a big departure from what is typical in the cybersecurity community, where someone just tells you, yes, you’re dead.”

In phishing, an attacker uses a targeted email to lure a target to a fake site that looks like a familiar site. There, unwitting victims enter their usernames and passwords, which the hackers then collect. Phished credentials allow attackers to search a victim’s stored emails and pretend to be that person.

Area 1 said its researchers linked the phishing campaign targeting Burisma to an effort earlier last year that targeted Kvartal 95, a media organization founded by Ukrainian President Volodymyr Zelenskiy.

In this case, Russian military agents, from a group that security researchers call “Fancy Bear”, bombarded Burisma employees with emails designed to resemble internal messages.

In order to detect phishing attacks, Area 1 maintains a global network of sensors designed to detect and block them before they reach their targets.

In July, the U.S. Federal Election Commission authorized Area 1 to offer services to federal election candidates and political committees at the same rates it charges non-profit organizations.

