REDWOOD CITY (KPIX 5) — A Russian military unit has conducted sustained cyberattacks against the Ukrainian gas company at the center of the Trump impeachment, according to Area 1 Security, based in Redwood City.
Blake Darche, co-founder of Area 1, says the company has been tracking the “Main Intelligence Directorate of the General Staff of the Russian Army,” or GRU, for the past five years. He says the unit was responsible for hacking the email servers of the Democratic National Committee in 2016.
Darche says very similar methods were used to steal the credentials of employees at Burisma Holdings, based in Ukraine’s capital city of Kyiv.
The findings were revealed in a newly released Area 1 study titled “Phishing Burisma Holdings.”
“For about the last five years, the GRU has maintained very similar phishing operations, they’ve changed things very little. There’s been no need to change things because it still works,” said Darche. “We’re over 100% confident that this was the GRU military hackers.”
Darche says the attacks began in November 2019 when GRU operatives began blasting out phishing emails to various targets within Burisma and its subsidiaries. The hackers set up spoofed websites, fakes that look like authentic login pages for employee email accounts.
The hackers successfully obtained some login credentials and accessed one of Burisma’s servers. It’s unclear what the GRU saw or what it was looking for, Darche said.
“We saw (Burisma) being phished actively, in multiple waves, by a very determined adversary,” said Darche. “We have extensive attribution of GRU. We know quite a bit about how they operate.”
But Darche says the GRU hackers failed to take proper precautions to shield themselves from detection, and “didn’t cover their tracks.”
“When you hire a lot of hackers to hack as a full time job, to hack into different entities, eventually the process breaks down. What ends up happening, people get lazy. They don’t feel like doing something they’re supposed to do, and then the whole thing falls apart,” said Darche.
Darche also addressed critics who said the company’s efforts are politically motivated.
“We’re not politically motivated. We have people that vote for both sides of the aisle at this company. We’ve been supporting both Democratic and Republican organizations. We don’t have a favorite,” said Darche.