Any relationship between former Vice President Joe Biden, his son and the Ukrainian gas company Burisma has become a central figure in the 2020 election campaign and the impeachment of Donald Trump. Now, in a situation with echoes of the 2016 election, the New York Times reports that a security firm claims it has detected successful phishing attacks on Burisma by hackers connected to Russia.
In 2016, hackers released emails from the Democratic National Committee they accessed after using a targeted attack against Hillary Clinton's campaign manager. Area 1, a security firm that specializes in defense against phishing, says in its report (PDF) that it has discovered a network of fake websites used by the G.R.U., a Russian military intelligence unit, built to target subsidiaries of Burisma. Security researcher Kyle Ehmke noted some of the suspicious domains in December.
Relevant hosting IPs:— Kyle Ehmke (@kyleehmke) December 16, 2019
Also mail server mail.kvatral95[.]com is hosted on a probable dedicated server at 45.89.175[.]235. (2/6) pic.twitter.com/2FTcavbhxh
They then sent emails to employees of the companies with links to their fake pages, created as replicas of internal websites so they could collect their logins and use them to access its servers.
The experts speculate that the scheme was looking for information to use against Biden, a potential candidate for the Democratic party in this year's presidential election. The scope of "election security" efforts will continue to get wider this year, and it appears that the same kind of tricks government agencies and others have noted will continue yet again.