WASHINGTON - A computer security company reported Monday that Russian hackers sought access to the Ukraine gas company at the heart of the impeachment inquiry against President Donald Trump, and House Democrats warned the move threatened to interfere with the 2020 election.
Area 1 Security, a California company focused on email security, reported that members of Russian military intelligence known as the GRU launched a campaign in early November to steal email credentials from workers at Burisma Holdings.
The eight-page report does not say what information, if any, the GRU obtained or what it was looking for. The firm also did not speculate as to the GRU's motivations. But the target and timing of the apparent hacking, which happened in the middle of a presidential race and a House impeachment inquiry against Trump, quickly raised concerns among Democrats that Russia may be using similar hacking techniques to interfere in the 2020 presidential election.
Hunter Biden, the son of Democratic front-runner and former Vice President Joe Biden, served on Burisma's board. Trump's July 2019 call with Ukraine, in which he urged the country's president to investigate the Bidens and Burisma, led to the House's impeachment inquiry. But Trump has said his goal was to fight corruption in Ukraine and he expects to be exonerated in the pending Senate trial.
U.S. officials have discredited accusations about Ukraine and the Bidens as conspiracy theories.
FBI Director Christopher Wray has said there is no evidence Ukraine meddled in the 2016 election. Fiona Hill, a former National Security Council official, testified in the impeachment inquiry that accusations against Ukraine are Russian propaganda.
Kurt Volker, a former U.S. special representative to Ukraine, testified that it wasn't credible that Joe Biden would have been "influenced in any way by financial or personal motives in carrying out his duties as vice president."
Andrew Bates, a spokesman for Biden's 2020 campaign, said the Burisma hacking illustrated that Russia seeks to meddle in the campaign to help Trump.
Impeachment: House to vote Wednesday to send Trump impeachment articles to Senate
"Donald Trump tried to coerce Ukraine into lying about Joe Biden and a major bipartisan, international anti-corruption victory because he recognized that he can't beat the vice president," Bates said. "Now we know that Vladimir Putin also sees Joe Biden as a threat. Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections."
The cyberattack against Burisma involved phishing, an effort in which hackers mimic legitimate organizations to trick targets into divulging email passwords and other information, according to Area 1's report.
Blake Darche, Area 1's co-founder and chief security officer, said his firm is certain that the phishing campaign, which involved stealing email credentials of employees at Burisma and its subsidiaries and partners, was orchestrated by the GRU.
"We have been tracking this attacker for five years. Our attributions of this attack is 100% accurate," Darche said. "Area 1 Security has multiple data points on this. We know it's GRU."
On the ground in Ukraine: Trump's conspiracy theories thrive in Ukraine, where a young democracy battles corruption and distrust
Darche said his company correlated its findings with the indictments against members of the GRU in 2018. Former special counsel Robert Mueller indicted 12 Russian military intelligence officers for hacking Democratic political organizations as part of a broader scheme to interfere in the 2016 presidential election.
Stuart Madnick, director of cybersecurity at the Massachusetts Institute of Technology who reviewed Area 1's report, said there's good evidence, including tension between Russia and Ukraine, to believe the GRU is the culprit. But he cautions that it's hard to trace the origin of cyberattacks, and capable hackers tend to plant evidence to blame another country.
"This is the game they all play. ... I have no evidence indicating that it isn't the Russians. There's a lot of clues relating to the Russians. (But) people repurpose weaponry all over the place," Madnick said. "I have no evidence to contradict (Area 1's findings). I'm just giving this as a caution."
The apparent cyberattack on Burisma worried House Democrats, who cited previous efforts by Russia.
House Speaker Nancy Pelosi, D-Calif., said the hacking reports deserve urgent action to protect the integrity of the 2020 election.
"The alarming reports that the Russian Government is continuing to interfere in our elections to benefit the President and to undermine our democracy highlight the urgent need for action," Pelosi said in a statement. "Congress must be briefed on what the Administration knows about this attack and why the President doesn't have a plan to protect our elections."
House Judiciary Committee Chairman Jerry Nadler, D-N.Y., told reporters the Burisma hack was evidence Russians were trying to help Trump again.
"We know that the Russians wanted Donald Trump elected last time and they actively supported him," Nadler said. "We know the president tried to get foreign help, tried to extort foreign help for the next election campaign. And it looks like the Russians are trying to open up again."
"The Russians appear to be at it again," House Intelligence Committee Chairman Adam Schiff, D-Calif., said in a tweet. "According to a new report, they're hacking information that could be a prelude to more election interference in 2020. And again, it appears aimed to help Trump. We must reject foreign meddling."
Former Secretary of State and Democratic presidential candidate Hillary Clinton posted a similar tweet, asking, "Will the Russians help pick our (president) again?"
House Homeland Security Committee Chairman Bennie Thompson, D-Miss., said the 2016 election showed the lengths Russians would go to interfere with U.S. elections and warned the meddling could get worse this year.
"If accurate, the reporting shows the lengths the Russian government will go to help the president win re-election and undermine our democracy," Thompson said.
Exclusive: Nevada poll shows Biden-Sanders showdown in a tightening Democratic race
The House impeached Trump on articles accusing him of abuse of power and obstruction of Congress. Trump is accused of urging Ukraine to investigate his political rival while withholding $391 million in military aid from the country, and then defying congressional subpoenas during the inquiry.
Darche said his firm came across the phishing campaign as part of its day-to-day operations, which involved gathering different types of data on cyberattacks.The campaign sought email credentials by sending messages from malicious computer domains that appeared similar to legitimate sources, according to the report.
The attackers targeted multiple email accounts within Burisma and its subsidiaries, which allowed them to access emails within the same server. Darche declined to provide more details, including who owned the targeted email accounts or what their positions are within Burisma. He also did not say whether his company has reached out to or talked to someone from Burisma about the hacking.
Russians engaged in a similar strategy in 2016, when they gained access to the emails to Democratic campaign officials. One target was John Podesta, the campaign manager for Democratic presidential nominee Hillary Clinton, whose emails were hacked and published.
In its report, Area 1 drew parallelisms with other phishing campaigns believed to have been orchestrated by the GRU against liberal philanthropist George Soros and American political organizations. The report says the attacks, like the one against Burisma, involved the use of similar-looking malicious domains.
The report also briefly mentioned a similar phishing campaign against a media company founded by Ukraine President Volodymyr Zelensky. Darche said the GRU began targeting the company during the presidential election in Ukraine in 2019. He said the campaign became more aggressive as Zelensky began to emerge as a front-runner.
"All cyber actors have goals, and they figure out what works to guarantee they are successful with the least resistance possible," the Area 1 report said.
Contributing: Nicholas Wu
This article originally appeared on USA TODAY: Russians hacked Ukraine company Burisma, Area 1 report says