Russian agents launched a phishing campaign in early November aimed at stealing the login credentials for employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specialises in e-mail security.
But in light of Burisma's role in the unfolding political saga - in which Trump pushed Ukrainian officials to investigate Biden and his son, Hunter, who had served on Burisma's board - the probing of the company's systems closely resembles Russian efforts in 2016 to destabilize the US election.
Trump's push for a corruption inquiry into the son of a political rival resulted in him being impeached on charges of abuse of power and obstruction. In the Burisma case, hackers sent emails to company employees instructing them to log in on fake websites created to look like pages for the company's subsidiaries.
The 2020 US Presidential campaign has officially kicked off in the Russian Federation.
"Our report doesn't make any claims as to what the intent of the hackers were, what they might have been looking for, what they are going to do with their success".
Russian hackers from the same military intelligence unit that Area 1 said was behind the operation targeting Burisma have been indicted for hacking emails from the Democratic National Committee and the chairman of Hillary Clinton's campaign during the 2016 presidential race.
Speaker Nancy Pelosi - after announcing tomorrow's vote to send articles of impeachment to the Senate - ripped President Donald Trump and Senate Majority Leader Mitch McConnell for not doing enough on election security.
Oren Falkowitz, the company's co-founder and CEO, told CNN in an interview that Area 1 has been tracking the GRU for some time. This is indeed exactly what Bob Mueller warned about in his testimony: "That the Russians would be at this again", Schiff said on MSNBC Monday night, referring to the special counsel who investigated Russia's attempts to interfere in the 2016 election and whether there was any coordination with the Trump campaign.
The hacking operation was the work of the GRU, the Russian military spy agency, according to Area 1, which has published its findings online. Falkowitz said he followed the industry standard process of responsible disclosure, which would include notifying Burisma. On the fake sign-in pages, unwitting victims enter their usernames and passwords, which the hackers then harvest.
In this instance, the hackers set up fake websites that mimicked sign-in pages of Burisma subsidiaries, and have been blasting Burisma employees with emails meant to look like they are coming from inside the company.
The vast majority of cyberattacks begin with a phishing campaign, Area 1 says. Phished credentials allow attackers both to rifle through a victim's stored email and to masquerade as that person. "To discover it and potentially get out in front of it is a significant departure from what's typical in the cyber security community, where someone just tells you, yeah, you're dead".
It isn't clear whether anything was stolen from the company or its subsidiaries, which were initially targeted, whether any information was gleaned, or what the hackers' ultimate goal was.
Area 1 Security said in its report that the targeting of a Ukrainian company by the GRU is not particularly novel, but "it is significant because Burisma Holdings is publicly entangled in US foreign and domestic politics".