The UK and its allies have called out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes.
The UK and international partners have called out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes.
The National Cyber Security Centre (NCSC) – a part of GCHQ – assesses that Star Blizzard, a group that has been identified using cyber operations to target high-profile individuals and entities, is almost certainly subordinate to Centre 18 of Russia’s Federal Security Service (FSB).
The malicious activity has, according to the NCSC, included:
- Targeting, including spear-phishing, of UK parliamentarians from multiple political parties, from at least 2015 through to this year;
- The compromise of UK-US trade documents that were leaked ahead of the 2019 General Election;
- The 2018 compromise of the Institute for Statecraft, a UK thinktank whose work included initiatives to defend democracy against disinformation, and the more recent hack of its founder Christopher Donnelly, whose account was compromised from December 2021; in both instances documents were subsequently leaked.
- Targeting of universities, journalists, public sector, NGOs and other Civil Society organisations, many of whom play a key role in UK democracy.
The group has also selectively leaked information obtained through its operations and amplified the release in line with Russian confrontation goals, including undermining trust in politics in the UK and like-minded states. UK Foreign Secretary David Cameron has described these attempts to interfere in UK politics as “completely unacceptable” seeking to threaten our democratic processes.
Paul Chichester, NCSC Director of Operations, said:
“Defending our democratic processes is an absolute priority for the NCSC and we condemn any attempt which seeks to interfere or undermine our values. Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable and we are resolute in calling out this pattern of activity with our partners. Individuals and organisations which play an important role in our democracy must bolster their security and we urge them to follow the recommended steps in our guidance to help prevent compromises.”
The NCSC previously published details about the activity undertaken by the Star Blizzard group, also known as Callisto Group, Cold River and formerly Seaborgium, earlier this year. In an advisory, it warned of Russia-based actors carrying out targeted spear-phishing attacks for information-gathering purposes. The new advisory formally attributes this activity for the first time and provides the latest threat information and mitigation advice to help reduce the chances of compromise.
This advisory has been jointly issued by the NCSC, the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cyber National Mission Force (CNMF), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).
It can be read in full here on the NCSC website.