Apparently, Tsar Putin’s finest military hackers tried to steal emails from the Ukrainian energy firm where Hunter Biden, the son of Democratic presidential contender Joe Biden, had a seat on the board.
Energy company Burisma Holdings Ltd was at the centre of attempts by US President Donald Trump last July to pressure Ukrainian authorities to announce an investigation into the Bidens for purported corruption, an effort that has led to the Republican being impeached by the US House of Representatives on charges of abuse of power and obstruction of Congress.
California-based Area 1 Security identified the Burisma hacking and linked it to Russia’s Main Directorate of Military Intelligence, or GRU. The same hacking group, known as “Fancy Bear” by cybersecurity researchers, breached the Democratic National Committee in 2016 in what US investigators described as part of an operation to disrupt that year’s election.
“You can see this attack really is starting to parallel with what we saw in 2016”, Oren Falkowitz, Area 1’s chief executive, said in an interview.
A source close to Burisma told Reuters the company’s website had been subject to multiple break-in attempts over the past six months but did not provide further details.
Area 1 said that breaching Burisma could yield communications from, to, or about Hunter Biden, who served as a director between 2014 and 2019. A leak of stolen data could potentially affect the impeachment process and US electoral contest.
Area 1 said it became aware of the Russian targeting of Burisma after its email security scanning product found suspicious evidence online, including “decoy domains” - websites designed to imitate legitimate email services used by Burisma’s subsidiaries.
Publicly available domain registration records examined by Reuters show that the hackers created the decoy domains between 11 November, the day before US Democrats began their first public impeachment hearings, and 3 December, the day before the House Judiciary Committee took up the case.
The records show that the same people also registered fake domains for a Ukrainian media company, named Kvartal 95, in March and April 2019. Kvartal 95 was founded by Ukrainian President Volodymyr Zelenskiy and multiple employees of the station have since joined his administration.
Area 1 co-founder Blake Darche said unpublished data gathered by his firm linked the operation to a specific officer in Moscow, whose identity he was unable to establish. But Darche said “we are 100 per cent certain” that the GRU was behind the hacking.
US intelligence officials have issued warnings that Russia is working to intervene in the November 2020 election. Trump is seeking re-election and Biden is a potential opponent out of a dozen Democrats seeking their party’s nomination.
Trump denies he did anything wrong by asking Ukrainian officials to investigate Hunter Biden’s relationship with Burisma. But equally, there is no evidence of wrongdoing by the Bidens.