A U.S. cybersecurity firm issued a report this week claiming that a Russian military intelligence agency hacked Burisma Holdings Ltd., a Ukrainian natural gas company that has featured heavily in President Trump's impeachment.
Redwood City, Calif.-based Area 1 Security, a cybersecurity firm founded by former National Security Agency employees, didn't mince words in its report Monday: "The campaign against the Ukrainian oil and gas company was launched by the Main Intelligence Directorate of the General Staff of the Russian Army or GRU."
Gone are the typical caveats that sprinkle many cybersecurity reports, like: "we assess with medium confidence" or "based on similar tactics, techniques and procedures." Instead, Area 1 stated "the GRU was successful" in its monthslong phishing campaign aimed at Burisma, where Democratic presidential candidate Joe Biden's son Hunter Biden had sat on the board for five years.
House impeachment investigators dug up evidence that President Trump pressured Ukrainian President Volodymyr Zelenskiy to investigate Hunter Biden's Burisma connections as a condition for U.S. military aid to Ukraine.
Area 1's report was heavy on conclusions about Russia's involvement in the latest hacking campaign targeting Ukraine but light on technical evidence, as many cybersecurity experts and journalists pointed out.
The firm has been wrong before. In 2017, an Area 1 report marked "confidential" wrongly identified Saudi Arabian Oil Co. as the victim of a first-of-its-kind cyberattack on industrial safety systems, Foreign Policy reported. Several other cybersecurity firms had issued warnings about the Triton malware — which was built to override a digital safety net at a petrochemical facility — but they declined to reveal the name of the victim.
Saudi Arabia's state-owned oil company emphatically denied any intrusion had occurred. "Saudi Aramco corporate and plants networks were not part of any cyber security attack or breach," the firm told Foreign Policy.
In 2017, it was in fact Petro Rabigh, which isn't under the Aramco corporate umbrella, that was hit by the Triton malware.
Both Area 1 reports pass the "laugh test." As for the recent hack against Burisma, could it be true that the GRU hacked a Ukrainian gas company to gain intel ahead of the 2020 U.S. presidential election or to position Russian hackers inside a foe's critical infrastructure? Absolutely. Would Aramco plausibly be the target of a sophisticated malware that caused a shutdown at a petrochemical plant? Sure.
Still, there's an open question: In 2019, was Burisma really hacked by the GRU?
— Blake Sobczak
Bits and bytes
Area 1 Security Inc. co-founders warn an alleged hack of Ukrainian gas firm Burisma Holdings Ltd. could be a harbinger for cyberthreats to the 2020 U.S. presidential election. E&E News
An Iran-linked "password spraying" campaign aimed at U.S. utilities counts among escalating hacking risks facing North American critical infrastructure. E&E News
The NSA disclosed a software bug affecting a core part of Windows operating systems, a rare move that experts say underscores the severity of the vulnerability. Wired
Israeli data analysis firm Cellebrite, popular with U.S. police hoping to unlock iPhones, appears to have helped extract text messages from Lev Parnas, a key figure in President Trump's impeachment. Motherboard
The top cybersecurity adviser for Democratic presidential hopeful Pete Buttigieg's campaign resigned this month, citing differences with leadership. Wall Street Journal