Russian military hackers have been boring into the Ukrainian gas company, Burisma, at the centre of the Trump impeachment affair, according to security experts.
The hacking attempts against Burisma, on whose board Hunter Biden (Joe Biden’s son) served, began in early November, as talk of the Bidens, Ukraine and impeachment was dominating the news in the United States.
It is not yet clear what the hackers found, or precisely what they were searching for. But the experts say the timing and scale of the attacks suggest that the Russians could be searching for potentially embarrassing material on the Bidens — the same kind of information that Mr. Trump wanted from Ukraine when he pressed for an investigation of the Bidens and Burisma, setting off a chain of events that led to his impeachment.
Then, as now, the Russian hackers from a military intelligence unit known formerly as the G.R.U., and to private researchers by the alias “Fancy Bear,” used so-called phishing emails that appear designed to steal usernames and passwords, according to Area 1, the Silicon Valley security firm that detected the hacking.
Nancy Pelosi has responded to reports that a Russian military intelligence unit successfully targeted Burisma, demanding Congress be briefed on the administration's knowledge of the hack. https://t.co/EVSjULsZEG
— Axios (@axios) January 14, 2020
This is just another example of the rise in cyberattacks on critical infrastructure, and a reminder that these threats are real and need to be addressed through proactive participation from both the public and private sectors. Nation-state attackers will continue to employ innovative or original tactics to gain access to systems, so industrial operators must be equally capable of catching these attacks from the start.
Critical infrastructure organizations, including energy, transportation, water, manufacturing, and the other sectors that support everyday life, should be particularly vigilant about their standard cyber security practices for operational assets, especially in these uncertain geopolitical times. They need security tools that provide broad operational visibility, continual network monitoring, and detection of system anomalies. The current situation demands renewed scrutiny of unusual activity and immediate investigation of possible incidents.
Phishing is the go-to method for the Russian services to obtain a user's credentials and gain access to the broader target network. This put not only Burisma Holdings at risk but also its subsidiaries and vendors. As in any fairly sophisticated and organised hacking campaign, the attackers also ran multiple domains that were just similar enough to legitimate Burisma domains to go unnoticed by users. At the end of the day, the story here is one of ongoing and escalating social engineering efforts by the Russians against their targets of interest, which is why we should expect and plan for such activities during our upcoming election cycle.
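The lookalike domains described above are the part of a credential-phishing campaign a defender can screen for mechanically. The following Python is an added example, not code from the article or from Area 1, showing one way to flag sender domains that resemble an organisation's own: it normalises common confusable characters (digit-for-letter swaps, Cyrillic look-alikes, "rn" for "m"), compares the registrable label against a list of known-good domains by edit distance, and also catches the brand name embedded in a longer label or paired with a swapped top-level domain. The legitimate domains, the confusable table, and the sample sender addresses are all constructed placeholders; the article does not list the real Burisma domains, and the registrable-label split assumes simple two-part suffixes rather than the Public Suffix List.

```python
import unicodedata
from typing import Dict, Iterable, List, Tuple

# Constructed placeholder set of an organisation's own domains (not real Burisma domains).
LEGIT_DOMAINS = {"example-holdings.com", "mail.example-holdings.com", "example-holdings.ua"}

# Illustrative confusable substitutions; multi-character keys are listed first so that
# "rn" -> "m" is applied before the single-character swaps.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"),
    ("\u0430", "a"),  # Cyrillic small a
    ("\u0435", "e"),  # Cyrillic small ie
    ("\u043e", "o"),  # Cyrillic small o
    ("\u0440", "p"),  # Cyrillic small er
    ("\u0441", "c"),  # Cyrillic small es
    ("\u0131", "i"),  # Latin dotless i
]

# Constructed sample sender addresses, one per pattern the detector should handle.
SAMPLE_SENDERS = [
    "it-support@example-holdings.com",      # genuine domain
    "helpdesk@mail.example-holdings.com",   # genuine subdomain
    "security@examp1e-holdings.com",        # digit substituted for a letter
    "admin@example-holding.com",            # one character dropped
    "portal@example-holdings-login.com",    # brand embedded in a longer label
    "sso@example-holdings.net",             # top-level domain swapped
    "news@unrelated-vendor.org",            # unrelated third party
]


def normalize_label(label: str) -> str:
    """Fold a domain label to a canonical form so confusable spellings compare equal."""
    text = unicodedata.normalize("NFKC", label).lower()
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text.replace("-", "")


def registrable_label(domain: str) -> Tuple[str, str]:
    """Return (second-level label, tld). Assumption: no multi-part public suffixes such
    as co.uk; a production tool would consult the Public Suffix List instead."""
    parts = domain.strip().rstrip(".").lower().split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, legit: Iterable[str] = LEGIT_DOMAINS,
             max_distance: int = 2) -> Dict[str, object]:
    """Label a domain as legitimate, lookalike, or unrelated relative to the known-good set."""
    known = sorted(set(legit))
    d = domain.strip().rstrip(".").lower()
    # An exact known domain, or any subdomain of one, is legitimate.
    if any(d == k or d.endswith("." + k) for k in known):
        return {"domain": domain, "verdict": "legitimate", "closest": d, "distance": 0}
    cand_label, _ = registrable_label(d)
    norm_cand = normalize_label(cand_label)
    best_dist, best_domain = None, None
    for k in known:
        norm_legit = normalize_label(registrable_label(k)[0])
        dist = edit_distance(norm_cand, norm_legit)
        # A sufficiently long brand label embedded in the candidate counts as a hit,
        # which also covers the TLD-swap case because the labels are then identical.
        if len(norm_legit) >= 6 and norm_legit in norm_cand:
            dist = 0
        if best_dist is None or dist < best_dist:
            best_dist, best_domain = dist, k
    verdict = "lookalike" if best_dist is not None and best_dist <= max_distance else "unrelated"
    return {"domain": domain, "verdict": verdict, "closest": best_domain, "distance": best_dist}


def scan_sender_addresses(addresses: Iterable[str]) -> List[Dict[str, object]]:
    """Classify the domain part of each sender address; entries without '@' are skipped."""
    results = []
    for addr in addresses:
        if "@" not in addr:
            continue
        results.append(classify(addr.rsplit("@", 1)[1]))
    return results


if __name__ == "__main__":
    for r in scan_sender_addresses(SAMPLE_SENDERS):
        print(f"{r['verdict']:11} {r['domain']:28} closest={r['closest']} distance={r['distance']}")
```

The absolute distance threshold of 2 is reasonable for brand labels of a dozen characters or more; for short labels it would be noisy, so a deployment would scale the threshold with label length and feed the "lookalike" verdicts into mail-gateway quarantine or a SIEM alert rather than acting on them blindly. Running the same classifier over newly registered domains and over DNS query logs extends the check from inbound mail to the vendors and subsidiaries the commentary above notes were also exposed.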