
UK condemns Russian role in cyber threat operations, issues sanctions to hacking group

Written by Mon 11 Dec 2023

The UK has attributed ‘sustained unsuccessful’ cyber attempts to interfere in UK political processes to the Russian Federal Security Service (FSB), the successor to the KGB. As a result, the UK has sanctioned two members of the Russian hacking group, Star Blizzard.

A unit within the FSB, Centre 18, has been held accountable for a range of cyber espionage operations targeting the UK.

The Government stated that Star Blizzard carried out this activity. The UK’s National Cyber Security Centre (NCSC) has identified Star Blizzard as ‘almost certainly subordinate’ to the FSB’s Centre 18.

Star Blizzard, also known as Callisto Group, SEABORGIUM, or COLDRIVER, is allegedly operated by FSB officers. The group selectively leaks and amplifies information to align with Russian confrontation goals. Their objective is to undermine trust in politics in the UK and like-minded states.

“An attack against our democratic institutions is an attack on our most fundamental British values and freedoms. The UK will not tolerate foreign interference,” said James Cleverly, Secretary of State for the Home Department.

The UK Government said it has linked Star Blizzard to several incidents.

Since 2015, Star Blizzard has been connected to targeting parliamentarians through spear-phishing across multiple parties. The group has also been associated with hacking and leaking UK and US trade documents before the 2019 General Election.

The UK Government has additionally attributed the 2018 hacking of the Institute for Statecraft to Star Blizzard. This think tank’s work included initiatives to defend democracy against disinformation.

The Russian cybercrime group has also been linked to the hack of the Institute for Statecraft’s founder, Christopher Donnelly. In December 2021, Donnelly’s account was compromised. In both the hack of the Institute and its founder, documents were leaked. 

On a broader scale, the cybercrime group is accused of targeting universities, journalists, the public sector, non-governmental organisations, and civil society organisations crucial to UK democracy.

“State actors, and the ‘Wagner-style’ sub-state hackers they use to do their dirty work, will continue to target our public institutions and our democratic processes,” said Oliver Dowden, Deputy Prime Minister.

Dowden stressed that the UK will continue to call out this activity to raise defences and to take action against the perpetrators.  

UK Issues Sanctions to Star Blizzard Members 

The UK has sanctioned two Star Blizzard members after a National Crime Agency (NCA) investigation. These members have been penalised for preparing spear-phishing campaigns, resulting in unauthorised access and exfiltration of data.

Spear-phishing is a targeted form of phishing that aims to compromise specific individuals or organisations, often through deceptive emails. Its objective is to steal sensitive information or infect the targeted devices with malware. 

The UK Government has delivered these sanctions in collaboration with the US. The Government said it forms part of ongoing efforts to counter Russian cyber threats undermining the integrity and prosperity of the UK and its allies.

The US Department of Justice has concurrently unsealed indictments against the sanctioned Star Blizzard members. They have been identified as Ruslan Aleksandrovich Peretyatko, a Russian FSB intelligence officer, and Andrey Stanislavovich Korinets, also known as Alexey Doguzhiev.

UK Summons Russian Ambassador and Commits to Cybersecurity Advisory

The Foreign, Commonwealth, and Development Office has summoned the Russian Ambassador in response to Russian interference.

“In sanctioning those responsible and summoning the Russian Ambassador … we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage,” added David Cameron, Secretary of State for Foreign, Commonwealth, and Development Affairs.

Minister for Europe, Leo Docherty, stressed that attempts to interfere with UK politics and democracy have not succeeded. However, it is expected that Russia and other adversaries will persist in using online tactics for interference in national politics and democratic processes. 

The Government said the NCSC, together with the US, Australia, New Zealand, and Canada, will release a cybersecurity advisory for network defenders. The NCSC will also publish guidance for high-risk individuals to provide further information on available support.

The Government said this discovery is part of a broader pattern of harmful cyberactivity by Russian Intelligence Services worldwide.

The UK Confronts Cybercrime

In recent years, the UK and its allies have revealed Russian interference in ViaSat and SolarWinds. The SolarWinds cyberattack impacted 18,000 global companies. In the incident, companies unwittingly installed a malicious update for the SolarWinds Orion program.

In May, the NCSC, in collaboration with the Five Eyes intelligence alliance, exposed a sophisticated cyber espionage tool. The alliance is the collective term for intelligence agencies from the United States, the United Kingdom, Canada, Australia, and New Zealand.

This tool was developed and used by the FSB for long-term intelligence collection on sensitive targets. The Five Eyes alliance played a role in uncovering and disclosing this cyber threat.

However, this year, the UK has experienced several Russian-linked cyber incidents that have impacted the operations of the country. In October, Russian hackers led a cyberattack that forced the Royal Family website offline.

In June, a cybercrime gang believed to be based in Russia warned major British companies, including the BBC, British Airways, and Boots, to email them before 14 June, or stolen data from a MOVEit hack would be published.

In August, the UK Electoral Commission reported a ‘complex cyberattack on its systems’ by hostile actors where millions of UK voters’ data could have been compromised. It is still unknown who was responsible for the attack. No groups or individuals have since claimed accountability.
