On Thursday, the UK government and the United States jointly accused Russian security services of participating in a prolonged cyber-espionage campaign targeting prominent politicians, journalists, and non-governmental organizations.
Russia has long been suspected of interfering in UK politics, notably during the divisive 2016 Brexit referendum. However, the Conservative government has faced criticism for not thoroughly investigating such allegations. In the most recent accusations, the foreign ministry asserted that Russia’s Federal Security Service (FSB) was responsible for “unsuccessful attempts to interfere in UK political processes” and revealed that it had summoned Russia’s ambassador to London to address the matter.
Simultaneously, US prosecutors unsealed charges against two Russian nationals in connection with hacking computer networks in Britain, the United States, and several other NATO countries.
The two men are now facing sanctions in both the UK and the US. UK Foreign Minister David Cameron stated, “Russia’s attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes.” He emphasized that by sanctioning those responsible and summoning the Russian ambassador, they are exposing the malign attempts at influence and shedding light on Russia’s global modus operandi.
Cameron’s office specifically pointed to Centre 18, a unit within the FSB, as being responsible for “a range of cyber espionage operations” targeting the UK. One of the charged individuals in the United States was identified as an officer in that unit.
Documents leaked
The UK government has asserted that the Federal Security Service (FSB) targeted parliamentarians from various political parties, engaging in cyber-espionage activities that spanned from at least 2015 to 2023. The attacks resulted in leaked documents, and the FSB allegedly hacked UK-US trade documents that were disclosed ahead of the December 2019 UK general election.
The two individuals indicted in the United States, Ruslan Aleksandrovich Peretyatko and Andrei Stanislavovich Korinets, are currently not in US custody. The charges against them carry maximum sentences of five and 20 years, respectively. The UK Foreign Office stated that Peretyatko and Korinets have been sanctioned for their involvement in spear-phishing campaigns and activities aimed at undermining the UK, involving the targeted sending of malicious links to induce the sharing of sensitive information.
Spear-phishing typically includes sending malicious links to specific targets to extract sensitive information, with attackers often conducting reconnaissance activity to enhance the effectiveness of their attempts, as noted by the UK’s National Cyber Security Centre. The two individuals are accused of targeting current and former US officials at various governmental entities from at least 2016 to 2022. Both are currently wanted by the FBI, believed to be in Russia, and the State Department is offering a reward of up to $10 million for information leading to their location and arrest.
Targeting government officials
In January, UK cybersecurity officials issued a warning that Russia and Iran were intensifying their targeting of government officials, journalists, and non-governmental organizations through spear-phishing attacks to compromise sensitive systems. The National Cyber Security Centre (NCSC), a part of the UK’s signals intelligence agency GCHQ, emphasized the need for increased vigilance regarding the techniques and tactics employed by threat actors, along with providing mitigation advice.
The NCSC highlighted that the Russia-based group SEABORGIUM and the Iran-based TA453 had been involved in targeting various organizations and individuals in the UK and globally throughout 2022. This follows a previous incident where suspected Kremlin agents reportedly hacked the cellphone of then-foreign minister Liz Truss, who is currently the UK’s prime minister.
A source revealed to The Mail on Sunday that up to a year’s worth of messages, including “highly sensitive discussions” related to the war in Ukraine, were hacked from the cellphone of UK Prime Minister Liz Truss. The hacking was reportedly discovered in 2022, during Truss’s campaign to become the Conservative Party leader and subsequently succeed Boris Johnson as the prime minister.
Foreign Office Minister Leo Docherty addressed the issue in the House of Commons on Thursday, emphasizing the real and serious cyber threat posed by Russia. He highlighted Russia’s tactics, including the creation of false accounts, impersonation of contacts, and the delivery of malicious links through seemingly legitimate approaches, aiming to build rapport before introducing malicious elements.