Security News > 2020 > January > Phishing Campaign Targeting Ukrainian Firm Burisma Linked to Russian Cyberspies
A phishing campaign apparently aimed at Burisma, the Ukrainian gas company that is at the center of President Donald Trump's impeachment, has been linked by cybersecurity researchers to a hacker group believed to be working on behalf of the Russian government.
Area 1 Security, a California-based cybersecurity firm that specializes in anti-phishing solutions, on Monday published a report describing a phishing campaign apparently aimed at Burisma, its subsidiaries and its partners.
This group has been connected to Russia's Armed Forces, specifically its Main Directorate of the General Staff, also known as the GRU. "Area 1 Security has correlated this campaign against Burisma Holdings with specific tactics, techniques, and procedures used exclusively by the GRU in phishing for credentials. Repeatedly, the GRU uses Ititch, NameSilo, and NameCheap for domain registration; MivoCloud and M247 as Internet Service Providers; Yandex for MX record assignment; and a consistent pattern of lookalike domains," Area 1 said in its report.
"This phishing campaign against Burisma Holdings also uses a specific HTTP redirect, attributed to GRU, where non-targeted individuals are sent to the legitimate Roundcube webmail login, while targets who receive the GRU-generated URL are taken to the GRU's malicious phishing Roundcube website," it added.
The company has also spotted an APT28-linked phishing campaign aimed at a media organization founded by Ukrainian President Volodymyr Zelensky.