With President Trump facing an impeachment trial over his efforts to pressure Ukraine to investigate former Vice President Joe Biden Jr. and his son Hunter Biden, Russian military hackers have been boring into the Ukrainian gas company at the center of the affair.
The hacking attempts against Burisma, the Ukrainian gas company on whose board Hunter Biden served, began in early November, as talk of the Bidens, Ukraine and impeachment was dominating the news in the United States.
Security experts say the timing and scale of the attacks suggest that the Russians could be searching for potentially embarrassing material on the Bidens — the same kind of information that Trump wanted from Ukraine when he pressed for an investigation of the Bidens and Burisma, setting off a chain of events that led to his impeachment.
The Russian tactics are strikingly similar to what American intelligence agencies say was Russia’s hacking of emails from Hillary Clinton’s campaign chairman and the Democratic National Committee during the 2016 presidential campaign.
In that case, once they had the emails, the Russians used trolls to spread and spin the material, and built an echo chamber to widen its effect.
Then, as now, the Russian hackers from a military intelligence unit known formerly as the G.R.U., and to private researchers by the alias “Fancy Bear,” used so-called phishing emails that appear designed to steal usernames and passwords, according to Area 1, the Silicon Valley security firm that detected the hacking. In this instance, the hackers set up fake websites that mimicked sign-in pages of Burisma subsidiaries, and have been blasting Burisma employees with emails meant to look like they are coming from inside the company.
The hackers fooled some of them into handing over their login credentials, and managed to get inside one of Burisma’s servers, Area 1 said.
“The attacks were successful,” said Oren Falkowitz, a co-founder of Area 1, who previously served at the National Security Agency. Mr. Falkowitz’s firm maintains a network of sensors on web servers around the globe — many known to be used by state-sponsored hackers — which gives the firm a front-row seat to phishing attacks, and allows them to block attacks on their customers.
“The timing of the Russian campaign mirrors the G.R.U. hacks we saw in 2016 against the D.N.C. and John Podesta,” the Clinton campaign chairman, Mr. Falkowitz said. “Once again, they are stealing email credentials, in what we can only assume is a repeat of Russian interference in the last election.”
The Justice Department indicted seven officers from the same military intelligence unit in 2018.
The Russian attacks on Burisma appear to be running parallel to an effort by Russian spies in Ukraine to dig up information in the analog world that could embarrass the Bidens, according to an American security official, who spoke on the condition of anonymity to discuss sensitive intelligence.
The spies, the official said, are trying to penetrate Burisma and working sources in the Ukrainian government in search of emails, financial records and legal documents.
American officials are warning that the Russians have grown stealthier since 2016, and are again seeking to steal and spread damaging information and target vulnerable election systems ahead of the 2020 election.
In the same vein, Russia has been working since the early days of Trump’s presidency to turn the focus away from its own election interference in 2016 by seeding conspiracy theories about Ukrainian meddling and Democratic complicity.
The result has been a muddy brew of conspiracy theories that mix facts, like the handful of Ukrainians who openly criticized Trump’s candidacy, with discredited claims that the D.N.C.’s email server is in Ukraine and that Biden, as vice president, had corrupt dealings with Ukrainian officials to protect his son.
Spread by bots and trolls on social media, and by Russian intelligence officers, the claims resonated with Trump, who views talk of Russian interference as an attack on his legitimacy.
With Biden’s emergence as a front-runner for the Democratic nomination last spring, the president latched on to the corruption allegations, and asked that Ukraine investigate the Bidens on his July 25 call with President Volodymyr Zelensky of Ukraine.
The call became central to Trump’s impeachment last month.
The Biden campaign sought to cast the Russian effort to hack Burisma as an indication of Biden’s political strength, and to highlight Trump’s apparent willingness to let foreign powers boost his political fortunes.
“Donald Trump tried to coerce Ukraine into lying about Joe Biden and a major bipartisan, international anti-corruption victory because he recognized that he can’t beat the vice president,” said Andrew Bates, a spokesman for the Biden campaign.
“Now we know that Vladimir Putin also sees Joe Biden as a threat,” Bates added. “Any American president who had not repeatedly encouraged foreign interventions of this kind would immediately condemn this attack on the sovereignty of our elections.”
The corruption allegations hinge on Hunter Biden’s work on the Burisma board.
The company hired Biden while his father was vice president and leading the Obama administration’s Ukraine policy, including a successful push to have Ukraine’s top prosecutor fired for corruption.
The effort was backed by European allies.
The story has since been recast by Trump and some of his staunchest defenders, who say Biden pushed out the prosecutor because Burisma was under investigation and his son could be implicated.
Rudy Giuliani, acting in what he says was his capacity as Trump’s personal lawyer, has personally taken up investigating the Bidens and Burisma, and now regularly claims to have uncovered clear-cut evidence of wrongdoing.
The evidence, though, has yet to emerge, and now the Russians appear to have joined the hunt.