In 2016, hackers released emails from the Democratic National Committee they accessed after using a targeted attack against Hillary Clinton’s campaign manager. Area 1, a security firm that specializes in defense against phishing, says that they discovered a network of fake websites used by the G.R.U., a Russian military intelligence unit, built to target subsidiaries of Burisma. Security researcher Kyle Ehmke noted some of the suspicious domains in December.
Relevant hosting IPs:
91.132.139[.]155
184.164.139[.]238
94.158.245[.]28
185.174.174[.]34
Also mail server mail.kvatral95[.]com is hosted on a probable dedicated server at 45.89.175[.]235. (2/6) pic.twitter.com/2FTcavbhxh
— Kyle Ehmke (@kyleehmke) December 16, 2019
The attackers then sent emails to employees of the companies with links to the fake pages, which were created as replicas of internal websites so that the attackers could collect the employees' logins and use them to access the companies' servers.
The experts speculate that the scheme was looking for information to use against Biden, a potential candidate for the Democratic party in this year’s presidential election. The scope of “election security” efforts will continue to get wider this year, and it appears that the same kinds of tricks that government agencies and others have noted will be used yet again.