(Bloomberg) -- U.S. spy agencies are tracking a Russian hacking attack against a Ukrainian gas company linked to the impeachment of President Donald Trump, including whether it was done to find damaging information on former Vice President Joe Biden’s family, according to a senior U.S. official.
The U.S. is reviewing evidence of the hack at Burisma Holdings first disclosed by researchers at security company Area 1, according to Shelby Pierson, the election threats executive for the Office of the Director of National Intelligence.
When asked whether there are concerns the attack by Russian intelligence was done to find derogatory information on Biden which could then be used to undermine his presidential campaign, Pierson said intelligence officials are examining that possibility. The vice president’s son, Hunter, was once on the company’s board.
“We try to keep a very open mind as to why intelligence services would be pursuing this information which could of course include the scenarios that you outlined,” Pierson said Tuesday on the sidelines of an election security conference in Washington.
“Before we even jump to a conclusion of intent we’re always looking for what are those compromises,” she said. “Let’s just not forget that some of this can be for reconnaissance purposes or for other applications that have nothing to do with a messaging campaign.”
On Bidens and Ukraine, Wild Claims With Little Basis: QuickTake
Pierson later said in an interview with MSNBC that “we’ve long talked about the Russians as a threat so we certainly are tracking that.”
Russian officials have long denied that they meddle in foreign elections.
Researchers at Area 1, which is run by a former National Security Agency official, said Russian hackers sent phishing emails to subsidiaries of Burisma to try to penetrate the Ukrainian energy company.
The email accounts of Burisma employees were accessed, but it’s unclear how that was used or what material may have been gained, according to the company’s report released on the hack released Monday.
Read More: Russian Hackers Attacked Burisma in Midst of Impeachment Inquiry
Hunter Biden was on Burisma’s board from 2014 until last year. Trump’s personal lawyer, Rudy Giuliani, has peddled a discredited theory that the elder Biden, when he was vice president, derailed an investigation into Burisma to protect his son.
In a July 25 telephone call, Trump asked Ukrainian President Volodymyr Zelenskiy to “look into” allegations of wrongdoing by Biden. The call triggered an impeachment inquiry, which began in September and is expected to lead to the president’s trial in the U.S. Senate starting next week.
Hackers for the Russian intelligence agency GRU began attacking Burisma as early as November, according to Area 1. The operation was still active when Area 1 published its report on Monday, said Oren Falkowitz, the company’s chief executive officer.
Tracking election interference operations by the GRU “is a top priority” for the U.S., Pierson told MSNBC. “We are certainly tracking all of the threat vectors that are active in this landscape as we move into the heyday of election season, not only for the primaries but certainly for the main Election Day in November,” she said.
House Speaker Nancy Pelosi said the Area 1 report showed the need to bolster election security heading into this year’s presidential race.
“The alarming reports that the Russian government is continuing to interfere in our elections to benefit the president and to undermine our democracy highlight the urgent need for action,” Pelosi said in a statement on Tuesday.
The email phishing tactics used by the GRU to infiltrate Burisma were “similar, if not identical” to methods applied in 2016 to attack Democrats, including the presidential campaign of Hillary Clinton, said Falkowitz. If those tools are still working, they’re likely to be used again to attack state election systems and campaigns in 2020, he said.
“Hacking is a lazy man’s sport; it’s a matter of finding the path to least resistance,” said Falkowitz. “The reason they’re still using the same methods is because they work. Hackers don’t have to do anything different if they’re successful.”
To contact the reporters on this story: Chris Strohm in Washington at firstname.lastname@example.org;Kartikay Mehrotra in San Francisco at email@example.com
To contact the editors responsible for this story: Bill Faries at firstname.lastname@example.org, Kevin Whitelaw
©2020 Bloomberg L.P.