The Ukrainian gas company at the centre of President Donald Trump’s impeachment was successfully hacked by Russian military agents in November, a US cybersecurity firm has said.
Area 1 Security said it was not clear what the hackers were searching for when they hacked Burisma Holdings.
Democratic presidential contender Joe Biden’s son Hunter Biden was previously on the board of the firm.
Burisma, the US government and Russia’s Ministry of Defence are yet to respond.
Area 1 linked the hack – a “phishing” attack – to Russia’s military intelligence unit known commonly as the GRU.
President Trump was impeached in December over allegations that he improperly pressured Ukraine’s leader Volodymyr Zelensky to launch an investigation into Burisma and its links to the Bidens.
The security firm also drew parallels between November’s hack and another that was carried out against Democrats in 2016, before the US presidential election.
How was Burisma hacked?
In its eight-page report, California-based firm Area 1 said the GRU hackers behind the Burisma breach are known by the alias “Fancy Bear” among cybersecurity researchers.
The hackers used “phishing” emails that are designed to steal usernames and passwords, the California-based security firm said.
In this case, Burisma employees were sent what looked like internal company emails and fake websites that looked like the sign-in pages of Burisma subsidiaries.
Using this tactic, the hackers managed to get into Burisma’s servers, it added.
Area 1 said it became aware of the hack after its email security scanning product found suspicious evidence online, including “decoy domains” for the fake websites.
A source close to Burisma told Reuters news agency that the company’s website had been subject to a number of break-in attempts over the past six months.
Why is Burisma important?
Burisma, a Ukrainian energy firm, is at the heart of the impeachment proceedings against President Trump.
In a phone call in July 2019, President Trump pushed for Ukrainian President Zelensky to announce an investigation into Burisma and the Bidens.
Specifically, Mr Trump wanted Kyiv to look into a debunked theory that Joe Biden had previously tried to quash a probe of Burisma in order to protect his son.
President Trump is now due to stand trail in the Senate on two articles of impeachment – abuse of power and obstruction of Congress. He denies any wrongdoing.
How is this linked to 2016?
The Burisma hack “really is starting to parallel with what we saw in 2016”, Area 1 co-founder Oren Falkowitz told Reuters.
That year, hackers gained access to the Democratic National Committee (DNC) and to the campaign of President Trump’s then-electoral rival, Hillary Clinton.
Area 1 co-founders Mr Falkowitz and Blake Darche added: “The timing of the GRU’s campaign in relation to the 2020 US elections raises the specter that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 US elections.”
Mr Darche also told Reuters that they were “100% certain” that the GRU was behind the hacking.