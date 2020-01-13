The Ukrainian natural gas company that prompted President Donald Trump to seek investigations from Ukraine’s president over its hiring of former Vice President Joe Biden’s son was hacked by Russian spies, security experts said in a report released Monday.

The Main Intelligence Directorate of the General Staff of the Russian Army, or GRU, “launched a phishing campaign targeting Burisma Holdings” as early as November 2019, according to cybersecurity firm Area 1 Security.

“The Russians were trying to steal user names” and “from that perspective they were successful,” Oren Falkowitz, a co-founder of Area 1 and a former employee of the National Security Agency and United States Cyber Command, said Monday night. “What they intend to do from there is unknown,” he said.

The New York Times first reported Area 1’s conclusions.

Burisma employed the vice president’s son as a board member in May 2014. Hunter Biden stopped working with the company in 2019.

Hunter Biden’s job with the gas company has prompted criticism, including from defenders of Trump. Hunter Biden admitted in October that his last name was the likely reason he was offered a seat on the board.

Trump was impeached in part because of allegations that in a July phone call, Trump asked Ukraine President Volodymyr Zelenskiy to investigate Biden and his son and appeared to raise unfounded allegations that the former vice president stopped prosecution of the company.

Area 1 Security said in its report that the phishing campaign carried out by the GRU was designed to steal email credentials and passwords of employees at Burisma Holdings, as well as its subsidiaries and partners.

John Podesta, former chairman of Hillary Clinton’s campaign, had his emails hacked during the 2016 presidential campaign through phishing. Falkowitz said of the attack on Burisma “it’s almost entirely the exact same thing.”

Phishing campaigns depend on the human perception of authenticity and can be stopped, he said in a statement. Around 95 percent of all cyberattacks involve phishing, he said.

Twelve people said to be members of the GRU were indicted in 2018 by U.S. prosecutors in connection with the hacking of Democratic organizations and the campaign of Hillary Clinton in the 2016 election.

U.S. Rep. Adam Schiff, D-California, who chairs the House Intelligence Committee and has been a key figure in Trump’s impeachment, said the alleged hacking shows that Russia was still interested in interfering with U.S. elections.

“It would not at all surprise me. This is indeed exactly what Bob Mueller warned about in his testimony: That the Russians would be at this again,” Schiff said on MSNBC Monday night, referring to the special counsel who investigated Russia’s attempts to interfere in the 2016 election and whether there was any coordination with the Trump campaign.

“They appear, if this reporting is correct, to be in the midst of another hacking and potentially another dumping operation designed to influence another election,” Schiff said of the Russian government.

The White House did not immediately respond to a request for comment Monday night.

Area 1 Security said in its report that the targeting of a Ukrainian company by the GRU is not particularly novel, but “it is significant because Burisma Holdings is publicly entangled in U.S. foreign and domestic politics.”

“The timing of the GRU’s campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections,” the Area 1 Security report said.

Area 1 Security said that the campaign by the GRU against Burisma Holdings began as early as November.

That’s about two months after a whistleblower complaint accused Trump of pressuring the Ukrainian president to investigate the Bidens. The whistleblower complaint was unsealed in September.

Falkowitz said Area 1 had been through a rigorous and standard process to notify U.S. authorities about the cyberattack within the last week but he declined to comment further.

He said the report is significant in that it shows a phishing attack in progress, rather than after the fact.

The phishing technique used is described as credential harvesting and involves stealing account information like usernames and passwords. That can allow groups to get inside systems and impersonate employees.

A spokesman for the former vice president’s 2020 presidential campaign said that the Area 1 report ‘proves that both Donald Trump and Vladimir Putin understand the true stakes of this election.’

“Donald Trump tried to coerce Ukraine into lying about Joe Biden and a major bipartisan, international anti-corruption victory because he recognized that he can’t beat the Vice President,” Biden campaign spokesman Andrew Bates said. “Now we know that Vladimir Putin also sees Joe Biden as a threat. Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections.”