New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Russian Campaign Against Burisma Highlights Risk to Companies With Political Ties

Russia:  A recent investigation revealed that members of Russian intelligence appear to have heavily targeted the Ukrainian energy company Burisma. It appears that employees of Burisma were targeted with a “sophisticated network of fake websites.” The websites were all designed to resembled websites utilized regularly by employees of Burisma. The campaign targeting the energy company appears to have begun in early November when the energy firm was dominating the US and international news as it was at the center of the discussion surrounding President Trump, former Vice President Biden, and potential impeachment proceedings. It is not clear yet what information was obtained or targeted by the campaign, only that the energy firm itself and its employees were targeted. 

Analyst Notes

With the amount of false and misleading news stories that dominated social media throughout the 2016 election and the timing of this targeted attack, it is likely that this campaign was carried out for similar purposes. Any information which was obtained through the campaign could be utilized to assist Russian intelligence services in information campaigns focused on influencing the 2020 US election. This campaign also serves to illustrate that any organization which has ties to political organizations are potential targets for information campaigns. Phishing campaigns that utilized properly spoofed sites that resemble sites utilized by employees are especially effective as many users want to trust sites that they have used before. Proper education is vital, but running tests that attempt to see how many users will fall for phishing campaigns are also an important step in preparing an organization for phishing campaigns. Sharing the overall results of those tests with the company can help the organization understand how prepared they are, and sharing a list of who fell victim to the phishing test with managers can help education efforts for those who need it most. More information on this incident can be found at