Watch CBS News

Russians hacked Burisma, the Ukrainian firm connected to the impeachment inquiry

Russia accused of hacking Burisma
Russia accused of hacking Burisma, the gas company at center of impeachment probe 05:33

Russian military hackers late last year infiltrated Burisma Holdings, the Ukrainian energy company where Hunter Biden, Joe Biden's son, was previously a board member, according to a report from cybersecurity firm Area 1. The operation began in early November, as a congressional impeachment inquiry into President Donald Trump was underway.  

That inquiry examined whether Mr. Trump abused his office by pressuring Ukrainian President Volodymyr Zelensky to announce an investigation into Burisma and the Bidens. 

The hacking campaign was carried out by the Russian intelligence agency GRU, according to Area 1, the Silicon Valley-based company that discovered the breach. It is unclear what kinds of materials the hackers accessed or sought.

The New York Times was first to report on the hacking campaign.

Area 1 said the GRU hacking group, also known as "Fancy Bear," launched a phishing campaign targeting Burisma employees in an effort to steal their usernames and passwords and enable the hackers to access employee accounts.

"We don't know what (the GRU is) going to do," Area 1 co-founder and CEO Oren Falkowitz told CBS News in a phone interview. "I can just tell you from my experience working for the U.S. government: It's impossible to know what a hacker wants. You can just sometimes see that they're doing it." 

An image of Burisma Holdings' email login page. Cybersecurity firm Area 1 released a report stating Russian hackers set up a page that mimicked this one in order to steal email usernames and passwords from Burisma employees just as the impeachment inquiry against President Trump was getting underway. Area 1 Security

Falkowitz said he spent seven years working at the National Security Agency, including some with an elite hacking unit known as Tailored Access Operations.

"Our report is not noteworthy because we identify the GRU launching a phishing campaign, nor is the targeting of a Ukrainian company particularly novel," the report says. "It is significant because Burisma Holdings is publically [sic] entangled in U.S. foreign and domestic politics."  

U.S. intelligence officials concluded that Russian hackers linked to GRU were responsible for hacking the email servers of the Democratic National Committee during the 2016 election. The emails were eventually disseminated through DCLeaks and WikiLeaks and amplified by a network of bot accounts on social media. 

Intelligence agencies later concluded that the hack was designed to boost the election chances of Donald Trump and damage those of Hillary Clinton.  

"The timing of the GRU's campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections," the Area 1 report said.

Falkowitz warned that, "The hackers' relatively low-tech approach is a reminder that cyber attacks do not have to be sophisticated to be successful. ... Once again, phishing attacks were the root cause of a cyber security incident, which is the case in 95% of cybersecurity damages." 

The Biden campaign declined to comment on the specifics of the report, but seized on the  findings to criticize the president.

"Donald Trump tried to coerce Ukraine into lying about Joe Biden and a major bipartisan, international anti-corruption victory because he recognized that he can't beat the Vice President. Now we know that Vladimir Putin also sees Joe Biden as a threat," the Biden campaign's rapid response director Andrew Bates told CBS News. "Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections."

No evidence has emerged that Hunter or Joe Biden broke any U.S. or Ukrainian laws in relation to Hunter's tenure on the Burisma board.

Burisma did not immediately respond to a request for comment.

Area 1 also said the phishing campaign was connected to another one targeting a media organization founded by Zelensky.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.