Ukraine has kicked off an investigation into a suspected cyberattack by so-called "Russian military hackers" on the energy company Burisma requesting assistance from the FBI. As The New York Times claimed Monday, Fancy Bears or Advanced Persistent Threat (APT) 28, allegedly subjected the energy company to phishing attacks, citing a recent report by Area 1 Security, a California-based American cybersecurity firm.
Burisma entered the spotlight light during the Democrats-driven impeachment process against Donald Trump due to its connections with the son of presidential candidate and former Vice President Joe Biden, Hunter, who previously served on the company's board of directors and is believed to have financially benefitted from the apparent nepotistic scheme.
Falling short of confirming whether the hackers obtained any information, the Area 1 report says that the timing of the alleged malicious activities in relation to the 2020 US elections "raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 US elections", referring to unfounded allegations of Russia's interference in the previous US presidential race and hacking of the Democratic National Committee (DNC).
Media Fuss Over Alleged Burisma Hack is 'Distraction'
"The level of media attention given to this story in the United States is curious", says Matthew Wilson, an associate professor of political science at Southern Methodist University. "Assuming that this hacking did, in fact, occur – and I have no reason to doubt that it did – nothing has yet come of it. No one in Russia (or elsewhere) has released anything about the Bidens gleaned from a hack of Burisma’s servers, and discussion of the motives behind the hack is entirely speculative".
According to the professor, "one almost suspects that it is simply an attempt by some in the American media to get the words 'Trump', 'Russia', and 'impeachment' into the same headline" ahead of a Senate impeachment trial that is likely to commence very shortly.
For her part, Laura Wilson, a political science professor at the University of Indianapolis, does not rule out that the hacking allegations serve as distraction from two important events: the Trump impeachment and the US 2020 presidential elections.
"As the Senate takes up the question of removal of office after the House passed the impeachment resolution, and the parties and candidates prepare for the upcoming primary elections, these major events will undoubtedly play a significant role in shaping the future of our country and require attention and focus", she says.
According to Wilson, "distractions in any way should be considered just that, distractions, and though other issues will come up, they need to be evaluated fairly and swiftly given their potential impact relative to the importance of the impeachment and election".
Jim Jatras, ex-US diplomat and foreign policy adviser to the Senate GOP leadership, says that as soon as Trump survives the trial, "the claim that he undermined our national security by betraying our so-called ally Ukraine and 'Look, what the Russians did, they are already interfering in our politics! Look, they hacked Burisma!' will be a constant same drumbeat like 'Russia, Russia, Russia…' We saw for the last three years or so. It will continue or even intensify before the election".
It's 'Less Than Definitive' That Fancy Bears Hacked Burisma
American monthly Wired noted Tuesday that "it's still not entirely proven" that Fancy Bears did hack Burisma citing cybersecurity analysts who see Area 1's evidence tying the alleged phishing campaign to the aforementioned hackers as "less than definitive".
The media outlet quotes security firm ThreatConnect that shared its brief analysis of the phishing campaign's features on Twitter concluding that "none of these characteristics are definitively indicative of APT28 activity" and that "we don't have any specific information on how the domains have been operationalised".
Ultimately, none of these characteristics are definitively indicative of APT28 activity and we don't have any specific information on how the domains have been operationalized.
— Kyle Ehmke (@kyleehmke) January 14, 2020
Wired added that in response to its request, Area 1 Security said it has more evidence to back up its findings but declined to share it publicly.
Area 1 Security's belief that the hacking was conducted by "Russian military hackers" originates from earlier assumptions made by Crowdstrike, a former DNC contractor, that hacker group Fancy Bear, which supposedly broke into the DNC email servers in 2016, had something to do with Russia's Main Intelligence Department (GRU). However, this connection has never been proven beyond a reasonable doubt. Furthermore, according to some cyber experts, the so-called "Fancy Bear" or Advanced Persistent Threat (APT) 28 could be nothing more than a collection of hacking tools originating from the dark web that can be used by virtually anyone.
On the other hand, Veteran Intelligence Professionals for Sanity (VIPS), a group of former officers from the United States Intelligence Community, has repeatedly stated that the leak of DNC files was an inside job and not an external breach into the committee's system.
