Russian spies hacked Ukrainian energy company at the center of Trump's impeachment

Access to the comments Comments
By Phil Helsel and Mike Memoli and Sarah Kaufman  with NBC News Politics
Image: Cars drive past the headquarters of the Russian General Staff's Main
Cars drive past the headquarters of the Russian General Staff's Main Intelligence Department (GRU) in Moscow on Dec. 30, 2016.   -   Copyright  Natalia Kolesnikova AFP - Getty Images file

The Ukrainian natural gas company that prompted President Donald Trump to seek investigations from Ukraine's president over its hiring of former Vice President Joe Biden's son was hacked by Russian spies, security experts said in a reportreleased Monday.

The Main Intelligence Directorate of the General Staff of the Russian Army, or GRU, "launched a phishing campaign targeting Burisma Holdings" as early as November 2019, according to cybersecurity firm Area 1 Security.

Area 1 called the Russian's effort "successful." It was not clear from the report what information if any was obtained.

The New York Times first reportedabout Area 1's conclusions and the alleged hack.

Burisma employed the vice president's son Hunter Biden as a board member in May 2014. Hunter Biden stopped working with the company in 2019.

The hiring of Hunter Biden by the gas company has prompted criticism, including from defenders of Trump. Hunter Biden admitted in October that his last name was the likely reason he was offered a seat on the board.

Trump has been impeached in part because of allegations that in a July phone call, Trump asked Ukraine President Volodymyr Zelenskiy to investigate Biden and his son and appeared to raise unfounded allegations that the former vice president stopped prosecution of the company.

Area 1 Security said in its report that the phishing campaign allegedly carried out by the GRU was designed to steal email credentials and passwords of employees at Burisma Holdings, as well as its subsidiaries and partners.

Oren Falkowitz, a co-founder of Area 1 and a former employee of the National Security Administration and United States Cyber Command, told the newspaper that "the attacks were successful."

"Cyber campaigns continue to be a geopolitical tool for waging war, influencing elections, theft of intellectual property and financial assets, and espionage," but phishing campaigns depend on the human perception of authenticity and can be stopped, Falkowitz said in a statement.

Twelve people said to be members of the GRU were indicted in 2018 by U.S. prosecutors in connection with the hacking of Democratic organizations and the campaign of Hillary Clinton in the 2016 election.


U.S. Rep. Adam Schiff, D-California, who chairs the House Intelligence Committee and has been a key figure in Trump's impeachment, said the alleged hacking shows that Russia was still interested in interfering with U.S. elections.

"It would not at all surprise me. This is indeed exactly what Bob Mueller warned about in his testimony: That the Russians would be at this again," Schiff said on MSNBC Monday night, referring to the special counsel who investigated Russia's attempts to interfere in the 2016 election and whether there was any coordination with the Trump campaign.

"They appear, if this reporting is correct, to be in the midst of another hacking and potentially another dumping operation designed to influence another election," Schiff said of the Russian government.

The White House did not immediately respond to a request for comment Monday night.

Area 1 Security said in its report that the targeting of a Ukrainian company by the GRU is not particularly novel, but "it is significant because Burisma Holdings is publicly entangled in U.S. foreign and domestic politics."

"The timing of the GRU's campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections," the Area 1 Security report said.

Area 1 Security said that the alleged campaign by the GRU against Burisma Holdings began as early as November.

That's about two months after a whistleblower complaint was made that accused Trump of pressuring the Ukrainian president to investigate the Bidens. The whistleblower complaint was unsealed in September.

The phishing technique used is described as credential harvesting and involves stealing account information like usernames and passwords. That can allow groups to get inside systems and impersonate employees.

Joe Biden id among those running for the 2020 Democratic presidential nomination.

Biden campaign spokesman Andrew Bates said the report "proves that both Donald Trump and Vladimir Putin understand the true stakes of this election."

"Donald Trump tried to coerce Ukraine into lying about Joe Biden and a major bipartisan, international anti-corruption victory because he recognized that he can't beat the Vice President," Bates said. "Now we know that Vladimir Putin also sees Joe Biden as a threat. Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections."