Russian Military Unit’s Phishing Campaign Designed to Covertly Access Burisma Account Credentials, Systems and Data
REDWOOD CITY, Calif., Jan. 14, 2020 /PRNewswire/ — Area 1 Security today shared the discovery of an active phishing campaign targeting Burisma Holdings, one of the largest private natural gas producers in the Ukraine – and a company that has been recently entangled in U.S. foreign and domestic politics.
A key aspect of attack preemption is having a deep understanding of cyber actor patterns, and continually discovering and deconstructing campaigns to anticipate future ones. During the course of its normal business of stopping phish, Area 1’s technology platform identified ongoing phishing campaigns by the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) targeting employees at subsidiaries and partners of Burisma Holdings. The GRU’s phishing campaign started in early November 2019 and is designed to steal account credentials, such as usernames and passwords.
This specific phishing technique, known as credential harvesting, allows attackers to observe and gain control of an organization’s internal systems by using trusted access methods. Targeting an organization’s subsidiaries or partners for credential harvesting gives attackers a natural entry point into the organization.
Once inside, threat actors such as the GRU gain access to internal systems and data, impersonate employees through the unauthorized use of their email accounts, and manipulate business outcomes and public perception.
Additional details on Area 1’s research are available at https://www.area1security.com/phishing-burisma/.
“Cyber campaigns continue to be a geopolitical tool for waging war, influencing elections, theft of intellectual property and financial assets, and espionage,” said Oren J. Falkowitz, Chief Executive Officer of Area 1 Security. “Yet time and again, we see that phishing campaigns like the GRU’s rely on human perception of authenticity, not on cutting-edge technology. Therefore, phishing campaigns are not insurmountable – and they can be stopped.”
Phishing campaigns succeed because of the authenticity that cyber actors build into them. Countering that human ingenuity and thwarting campaigns requires understanding the elements of authenticity in a campaign, paired with deep machine-level analytics of campaign patterns to detect and act at scale.
Area 1 Security is the only security provider that continually tracks threat actors and preemptively blocks phishing campaigns and infrastructure in the wild. To learn more, visit www.area1security.com.
About Area 1 Security
Area 1 Security offers the only pay-for-performance solution in the cybersecurity industry – and the only technology that comprehensively blocks phishing attacks before they damage your business. Phishing is the root cause of 95 percent of security breaches.
Area 1 Security works with some of the most sophisticated organizations in the world, including Fortune 500 banks, insurance companies, and healthcare providers to preempt and stop targeted phishing attacks at the outset, improve their cybersecurity posture and change outcomes.
Area 1 Security is committed to Responsible Disclosure guidelines in all situations where it uncovers specific and verifiable campaign activity. As part of our commitment to those guidelines, Area 1 has been engaged with relevant stakeholders that have an interest in understanding this campaign in greater depth.