Russian military hackers reportedly tried to steal emails from the Ukrainian energy company at the center of US impeachment scandal

Silhouettes of laptop users are seen next to a screen projection of binary code in this picture illustration taken March 28, 2018. (REUTERS/Dado Ruvic/Illustration)

WASHINGTON (Reuters) - Russian military hackers tried to steal emails from the Ukrainian energy firm where Hunter Biden, the son of Democratic presidential contender Joe Biden, had a seat on the board, a U.S. cybersecurity firm said on Monday.

Energy company Burisma Holdings Ltd was at the center of attempts by U.S. President Donald Trump last July to pressure Ukrainian authorities to announce an investigation into the Bidens for purported corruption, an effort that has led to the Republican being impeached by the U.S. House of Representatives on charges of abuse of power and obstruction of Congress.


California-based Area 1 Security identified the hacking of Burisma and linked it to Russia's Main Directorate of Military Intelligence, or GRU. The same hacking group, known as "Fancy Bear" by cybersecurity researchers, breached the Democratic National Committee in 2016 in what U.S. investigators described as part of an operation to disrupt that year's election.

"You can see this attack really is starting to parallel with what we saw in 2016," Oren Falkowitz, Area 1's chief executive, said in an interview.

The Russian Defense Ministry did not immediately respond to a request for comment. Officials at the U.S. National Security Agency and the Department of Homeland Security declined to comment.

Burisma did not immediately respond to a request for comment.

A source close to Burisma told Reuters the company's website had been subject to multiple break-in attempts over the past six months but did not provide further details.

What data the hackers were looking to steal is not clear, Area 1 said. Breaching Burisma could yield communications from, to, or about Hunter Biden, who served as a director between 2014 and 2019. A leak of stolen data could potentially affect the impeachment process and U.S. electoral contest.

Area 1 said it became aware of the Russian targeting of Burisma after its email security scanning product found suspicious evidence online, including "decoy domains" - websites designed to imitate legitimate email services used by Burisma's subsidiaries.

Publicly available domain registration records examined by Reuters show that the hackers created the decoy domains between Nov. 11, the day before U.S. Democrats began their first public impeachment hearings, and Dec. 3, the day before the House Judiciary Committee took up the issue.

The records show that the same people also registered fake domains for a Ukrainian media company, named Kvartal 95, in March and April 2019. Kvartal 95 was founded by Ukrainian President Volodymyr Zelenskiy and multiple employees of the station have since joined his administration.

Kvartal 95 and representatives for Zelenskiy did not immediately respond to requests for comment.

Area 1's report said it discovered the GRU had targeted two subsidiaries of Burisma, KUB Gas LLC and Esko Pivnich, as well as CUB Energy Inc, which was affiliated with the firm, using lookalike domains intended to trick employees into providing their email passwords.

Burisma and its subsidiaries share the same email server, Area 1 said, meaning a breach at any of the companies could expose them all.

The report gave a limited indication of how Area 1 determined that the lookalike domains were the work of the GRU, pointing mainly to similarities in how the hackers had previously set their digital traps. Area 1 co-founder Blake Darche said unpublished data gathered by his firm linked the operation to a specific officer in Moscow, whose identity he was unable to establish.

But Darche said "we are 100 percent certain" that the GRU was behind the hacking.

An outside researcher, Kyle Ehmke of Virginia-based cybersecurity firm ThreatConnect, who reviewed the malicious domains flagged by Area 1, said based on the information he had seen, he believed "with moderate confidence" that the websites were devised by the GRU.

Ehmke said that the hacking operation against Burisma used tools and methods consistent with Russian hackers associated with the GRU, but that a complete picture was lacking.

Russian spies have routinely targeted Ukrainian energy firms with cyberattacks since Russia threw its weight behind a separatist takeover in eastern Ukraine in 2014.

Andrew Bates, a spokesman for Joe Biden, did not comment directly on the hack but said in an email: "Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections."

U.S. intelligence officials have issued warnings that Russia is working to intervene in the November 2020 election. Trump is seeking reelection and Biden is a potential opponent out of a dozen Democrats seeking their party's nomination.

Trump denies he did anything wrong by asking Ukrainian officials to investigate Hunter Biden's relationship with Burisma. There has been no evidence of wrongdoing by the Bidens, who reject Trump's allegations of graft, and officials in his administration have rebuked his claims about them.
