The Ukrainian company connected to President Trump’s impeachment was infiltrated by Russian hackers. Phishing software was used to send bogus emails to employees of Ukrainian gas company Burisma Holdings so they could steal login information. Burisma is the company Vice President Joe Biden's son Hunter worked for while his father was serving in the Obama administration — a gig that prompted Ukraine to investigate hypothetical "corruption" on Biden's part. The hackers who targeted Burisma Holdings are connected to GRU, the Russian government’s spy agency.
Area 1 Security, a cybersecurity firm based in California, discovered the attack. "What we've uncovered is that the same Russian cyber actors who targeted the [Democratic National Committee] in 2016 have been actively launching a phishing campaign against employees of Burisma Holdings and its subsidiaries, to try to steal their email usernames and passwords,” Oren Falkowitz, the firm’s cofounder, told NPR.
GRU has been implicated in several other attacks on various organizations including the World Anti-Doping Agency, FIFA, and political campaigns for the 2018 midterm elections. Area 1 believes GRU is also responsible for a phishing attack that targeted a company founded by Ukrainian President Volodymyr Zelensky. A call between Trump and Zelensky, during which Trump pressured him to investigate Biden and his family, gave the Democrats the ammunition they needed for the impeachment proceedings.
Based on Area 1’s findings, the latest attack could have been an attempt to gather information about Hunter Biden. It's not clear what the cyber actors ultimately sought, though Area 1 warned that "the timing ... raises the specter that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections." The phishing campaign began in early November and was discovered on New Year's Eve.
The Biden campaign used this news to argue Trump is intimidated by the possibility of facing the former vice president in the general election this fall.
“Donald Trump tried to coerce Ukraine into lying about Joe Biden ... because he recognized that he can’t beat the vice president,” Biden campaign spokesman Andrew Bates told The New York Times. Bates also stated that Russian President Vladimir Putin “sees Joe Biden as a threat.”
“Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections,” Bates added. Trump has previously sided with Putin on the fact of Russia's intervention in the 2016 election, doing so over the conclusion of American intelligence agencies.
Falkowitz told the Times that the phishing was “successful.” However, the hackers made it easy for the plot to be uncovered because they used the same methods from other attacks.
“The Burisma hack is a cookie-cutter G.R.U. campaign,” Falkowitz explained. “Russian hackers, as sophisticated as they are, also tend to be lazy. They use what works. And in this, they were successful.”
Laziness aside, the Burisma hack is still dangerous and could have consequences down the line.
"Once you have the usernames and passwords for an employee's email account, there's quite a lot that can be done," Falkowitz told NPR. "You can observe all of the data that's contained within [their] email. You can also launch further phishing campaigns — and you can use that data to do quite a lot to move throughout the company's networks."
The GRU's actions are also another reminder that Trump's meddling in Ukraine has repercussions well beyond his impeachment. The forces partially responsible for Trump's ascendance are still active during another presidential election. Will history repeat itself or will America get its affairs in order?