Russia's intelligence service has carried out a years-long campaign of cyber attacks against high-profile politicians, public service staff, journalists and others, according to the British government, as part of what it called “failed attempts to interfere in the political processes of the United Kingdom.”
The announcement comes as Britain and the United States prepare for major elections, and assessment of the attacks points to possible attempts to interfere in Britain's last general election in 2019.
British Foreign Office, in a sentence released Thursday, said a group “almost certainly” linked to the Russian intelligence service engaged in sustained cyber espionage operations, including attacks targeting lawmakers across the political spectrum through phishing attacks or malicious emails, beginning as early as 2015. .
The group also “selectively leaked and amplified the dissemination of information in line with Russia's confrontational objectives, including undermining trust in politics in the United Kingdom and related states,” the Foreign Office said, based on an investigation by the British intelligence agency.
Some of that information, including hacked trade documents between Britain and the United States, was leaked ahead of the 2019 British general election.
Universities, journalists, the public sector, charities and other organizations were also attacked, according to the government, which warned that while Russia's attempts to undermine democracy have been unsuccessful so far, they are likely to continue.
Russia did not immediately respond to Britain's accusations, but in the past it has denied any state-sponsored attacks against other countries or entities.
The British statement also linked a 2018 hack to the Institute for Statecraft, a British research organization focused on disinformation, and a 2021 hack to a founder of that organization, whose account was compromised. “In both cases, the documents were subsequently leaked,” the statement said.
The group identified by British authorities is often known as Star Blizzard and has a history of conducting “hack and leak” campaigns, in which stolen information is leaked publicly to influence public opinion in a target country, Microsoft, which has been tracking the group since 2017, he said last year.
Before launching an attack, the group is known to conduct reconnaissance of the people it targets, including identifying contacts from their social networks or “sphere of influence,” Microsoft said. Using names collected from that research, the group creates fake LinkedIn profiles, email addresses and social media accounts to trick their targets into corresponding. At one point, they include an infected file in communications to gain access to the target's data.
The attacks fit a pattern of Russian behavior that dates back more than a decade. Russia-aligned groups have been accused of infiltrating government agencies, multinational corporations and other organizations in the United States and Europe. Combined with online disinformation campaigns, the raids have attempted to influence elections, conduct espionage, and sow social discord among Western democracies.
Even as the United States and its European allies have bolstered their cyber defenses, the attacks revealed Thursday show how any protection can be undermined by a simple mistake made by an individual who clicks or downloads malicious files.
Russia has denied previous allegations of hacking.
David Cameron, Britain's newly appointed foreign secretary who was previously the country's prime minister, said in a statement that Russia's attempts “to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes.” .
“Despite their repeated efforts, they have failed,” he said. “By sanctioning those responsible and summoning the Russian ambassador today, we are exposing his malign attempts at influence and shedding light on yet another example of how Russia chooses to operate on the global stage.”
In addition to summoning the Russian ambassador to Great Britain, the British government announced sanctions against two people linked to Star Blizzard. That group, the government said, was “almost certainly subordinate” to Center 18, a unit of the FSB, Russia's Intelligence Services, which it said ran cyber espionage operations.
The two people named in the sanctions are Ruslan Aleksandrovich Peretyatko, who Britain says is a Russian FSB intelligence officer and a member of Star Blizzard; and Andrey Stanislavovich Korinets, who is also a member of Star Blizzard.
Britain's National Cyber Security Centre, part of its intelligence service, said it had issued a new cybersecurity noticealong with Australia, Canada, New Zealand and the United States, and published updated guidance for people at higher risk of cyber threats.
“Russia's use of cyber operations to further its attempts at political interference is totally unacceptable, and we are determined to report this pattern of activity to our partners,” said Paul Chichester, the center's director of operations, adding that “individuals and organizations that play an important role in our democracy must strengthen their security.”
