Russia’s Fancy Bear successfully hacked Burisma during impeachment probe

As the House Intelligence Committee held impeachment hearings last fall, members of the Russian GRU, known as Fancy Bear, successfully hacked Burisma, the Ukrainian energy company at the center of the impeachment investigation.

In an echo of the 2016 presidential election cycle where Russian hackers pilfered and released damaging emails on then candidate Hillary Clinton to influence voters to support Donald Trump, a New York Times report said the hackers used phishing to access a Burisma server, sparking concerns that they may be planning to leak information in an attempt to hurt 2020 presidential candidate former Vice President Joe Biden, whose son Hunter was paid handsomely to sit on the board of the company.

In an eight-page report, Area 1 Security said Fancy Bear launched a phishing campaign against Burisma Holdings and its affiliates in early November 2019 as the House impeachment probe was in full swing using common techniques – domain-based authenticity, business process and application authenticity and partner and supply chain authenticity.

“The GRU was successful because they found ways to appear authentic to their targets, rather than using any technical sophistication,” the report said. “Everything about their approach is technically unremarkable, yet highly effective.”

Area 1 Security was able to correlate the tactics, techniques and procedures (TTPs) used in the Burisma attacks to phish for credentials to those used by the GRU in other campaigns.  “Repeatedly, the GRU uses Ititch, NameSilo, and NameCheap for domain registration; MivoCloud and M247 as Internet Service Providers; Yandex for MX record assignment; and a consistent pattern of lookalike domains,” the Area 1 report found.

Calling Russian hackers apparent efforts to dig up dirt on the Bidens “disturbing,” Rep. Bennie Thompson, D-Miss., chairman of the House Homeland Security Committee, said in a statement that it “shows the lengths the Russian government will go to help the President win re-election and undermine our democracy.”

Thompson expressed frustration that efforts by Democrats to get the Trump administration to take a strong stance against election meddling have not gained traction. “The Russians are emboldened because the President refuses to stand up to [Russian President Vladimir] Putin,” he said. “It is time for Congressional Republicans to stop their complacency and help us hold the President accountable for failing to defend the integrity of our elections.” 

Contending that “Russia showed us their playbook in 2016, and intelligence officials across the government have warned that Russian meddling will only get worse this year,” Thompson said, “the president owes it to all Americans to condemn all forms of election interference and demand Putin put a stop to it.”

UPDATE: As senators prepare for President Trump's impeachment trial, Ukraine announced that it was investigating the Burisma hack and solicited help from the FBI. The country, at the heart of the impeachment inquiry, is also probing the possible surveillance of former U.S. Ambassador to Ukraine Maria Yovanovitch after Lev Parnas, an indicted associate of Trump attorney Rudy Giuliani, provided texts that indicate the ambassador was being spied on as part of an effort to have her ousted.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.