Accessibility links

Breaking News

Report: Russia Hacked Ukrainian Energy Firm Tied To Impeachment Inquiry

Hackers from Russia’s military intelligence unit, the GRU, have allegedly targeted a Ukrainian energy firm tied to the impeachment proceedings against U.S. President Donald Trump.

Cybersecurity experts at California-based Area 1 Security released a report on January 13 that found Burisma Holdings, where the son of presidential front-runner Joe Biden sat on the board, was successfully penetrated in a wide-ranging phishing campaign that stole e-mail credentials of employees.

It isn't clear if anything was stolen from the company or its subsidiaries, which were initially targeted, if any information was gleaned, and what the ultimate goal of the hackers was.

Hunter Biden, the son of former Vice President Joe Biden, was a board member of Burisma from 2014 until last year.

Trump asked Ukrainian President Volodymyr Zelenskiy to "look into" allegations of wrongdoing by the Bidens and the energy firm in a July 25 phone call. Their conversation was the subject of an ensuing whistle-blower's complaint that triggered the impeachment investigation, which began in September.

The U.S. president has since been charged with abuse of office and obstruction of Congress by the Democratic-led House of Representatives, which is scheduled on January 14 to vote on the timing of when to send the articles of impeachment to the Republican-controlled Senate for a trial on whether to remove him from office.

No evidence of corruption by either of the Bidens has surfaced in light of allegations by Trump's personal lawyer, Rudy Giuliani, that the former vice president sought to protect his son by pressuring Ukrainian officials.

Evidence has yet to emerge of allegations that Joe Biden pushed for the ouster of Ukraine's chief prosecutor when he served as vice president and was seen as then-President Barack Obama's point man on Ukraine.

U.S. allies in Europe and Ukraine's international lenders supported Joe Biden because successive chief prosecutors were believed to have been either obstructing or stalling investigations into high-profile corruption cases, including probes into Burisma.

The alleged hacker group used a similar phishing pattern and is directly connected to Fancy Bear, the same Russian cyber-infiltrators of the Democratic National Committee in the months leading up the 2016 presidential election that Trump, a Republican, won.

The GRU featured prominently in the Mueller report on Russian interference in the 2016 presidential campaign, which concluded that Russia hacked the Democratic Party and Hillary Clinton's campaign to help Trump.

Russia has denied meddling in the 2016 presidential campaign and election.

Area 1's eight-page report said the cyberattacks on Burisma began in November, when Ukraine and impeachment, as well as talk of the Bidens, were dominating news headlines in the United States.

Zelenskiy Firm Targeted

"Area 1 Security has also further connected this GRU phishing campaign to another phishing campaign targeting a media organization founded" by Zelensky, the report said.

The New York Times, which first wrote about the anti-phishing company's report, said the attack "appears to have been aimed at digging up e-mail correspondence" of Studio Kvartal 95, which then was headed by Ivan Bakanov, whom Zelenskiy appointed as head of Ukraine's Security Service in June.

With reporting by Cyberscoop, The New York Times, Bloomberg, Reuters, and AP
  • 16x9 Image


    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.