The Ukrainian natural gas company that prompted President Donald Trump to seek investigations from Ukraine’s president over its hiring of former Vice President Joe Biden’s son was hacked by Russian spies, security experts said in a report released Monday.
The Main Intelligence Directorate of the General Staff of the Russian Army, or GRU, “launched a phishing campaign targeting Burisma Holdings” as early as November, according to the cybersecurity firm Area 1 Security.
“The Russians were trying to steal user names,” and “from that perspective they were successful,” Area 1 co-founder Oren Falkowitz, a former employee of the National Security Agency and U.S. Cyber Command, said Monday night. “What they intend to do from there is unknown,” he said.
The New York Times first reported Area 1’s conclusions.
Burisma employed Hunter Biden, the vice president’s son, as a board member in May 2014. He stopped working with the company in 2019.
Hunter Biden’s job with the gas company has prompted criticism, particularly from defenders of Trump. He admitted in October that his last name likely was the reason he was offered a seat on the board.
Trump was impeached in part because of allegations that in a phone call in July, Trump asked Ukrainian President Volodymyr Zelenskiy to investigate Joe Biden and his son and appeared to raise unfounded allegations that the former vice president stopped prosecution of the company.
Area 1 said in its report that the GRU phishing campaign was designed to steal email credentials and passwords of employees at Burisma Holdings, as well as its subsidiaries and partners.
Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.
John Podesta, who was chairman of Hillary Clinton’s 2016 presidential campaign, had his emails hacked during the 2016 campaign through phishing. Falkowitz said of the attack on Burisma: “It’s almost entirely the exact same thing.”
Phishing campaigns depend on the human perception of authenticity and can be stopped, he said in a statement. Around 95 percent of all cyberattacks involve phishing, he said.
U.S. prosecutors in 2018 indicted 12 people said to be members of the GRU in connection with the hacking of Democratic organizations and Clinton’s 2016 campaign.
Rep. Adam Schiff, D-Calif., chairman of the Intelligence Committee, who has been a key figure in Trump’s impeachment, said the development shows that Russia was still interested in interfering with U.S. elections.
“It would not at all surprise me. This is indeed exactly what Bob Mueller warned about in his testimony: That the Russians would be at this again,” Schiff said Monday night on MSNBC, referring to the special counsel who investigated Russia’s attempts to interfere in the 2016 election and examined whether there was any coordination with the Trump campaign.
“They appear, if this reporting is correct, to be in the midst of another hacking and potentially another dumping operation designed to influence another election,” Schiff said of the Russian government.
The White House did not immediately respond to a request for comment Monday night.
Area 1 said in its report that the targeting of a Ukrainian company by the GRU is not particularly novel but that “it is significant because Burisma Holdings is publicly entangled in U.S. foreign and domestic politics.”
“The timing of the GRU’s campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections,” the report said.
Download the NBC News app for breaking news and politics
Area 1 said the campaign by the GRU against Burisma Holdings began as early as November. That’s about two months after a whistleblower complaint accused Trump of having pressured the Ukrainian president to investigate the Bidens. The complaint was unsealed in September.
Falkowitz said Area 1 had been through a rigorous and standard process to notify U.S. authorities about the cyberattack within the last week, but he declined to comment further.
He said the report was significant in that it showed a phishing attack in progress, rather than after the fact.
The phishing technique used, described as credential harvesting, involves stealing account information like usernames and passwords. That can allow groups to get inside systems and impersonate employees.
A spokesman for Joe Biden’s 2020 presidential campaign said the Area 1 report “proves that both Donald Trump and Vladimir Putin understand the true stakes of this election.”
“Donald Trump tried to coerce Ukraine into lying about Joe Biden and a major bipartisan, international anti-corruption victory because he recognized that he can’t beat the Vice President,” campaign spokesman Andrew Bates said. “Now we know that Vladimir Putin also sees Joe Biden as a threat. Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections.”
Sarah Kaufman contributed.