Russian hackers used 'spear-phishing' to steal information from UK politicians, government says
The country's ambassador has been summoned while two members of the 'Star Blizzard' hacking group, including a Russian intelligence officer, have been sanctioned.
The Foreign Office has summoned the Russian ambassador, and sanctioned a Russian intelligence officer along with a second member of the "Star Blizzard" group, which is believed to be controlled by the Centre 18 unit of the FSB.
There are understood to have been hundreds of victims of attempted hacks across the UK, including many high-profile names, with personal email accounts, as well as corporate and business addresses targeted.
The group had "selectively leaked and amplified information" since 2015 using a technique known as "spear-phishing" to steal information from a "significant" number of parliamentarians from multiple political parties, Mr Docherty said in the Commons.
He said the "sophisticated" cyber attacks involved "thorough research and preparation" including "impersonating contacts".
'A total farce': Labour furious as govt reveals cost of Rwanda asylum policy
Russia's FSB Centre 18 has been named by the UK as the source of the attacks.
In intelligence circles, it also goes by the names Iron Frontier and Star Blizzard.
The UK has named two specific members: Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.
The FSB, or Federal Security Service, is Moscow's spy agency.
A previous report for the US Congress on Russian cyber units identified Centre 18 as one of two primary hubs overseeing the FSB's security and cyber operations, along with Centre 16.
While phishing targets many potential victims in a broad email fraud operation, such as tricking customers into clicking malicious links, spear-phishing is a personalised attack designed for a specific individual.
An official told Sky News: "Russia is targeting the UK's democratic process."
The group "acquires information for the Russian state. It is a group that supports FSB Centre 18.
"This information is used to undermine the West in various ways," they said. "This group has acquired a vast amount of data.
"It is very targeted - the number [of known hacks] is probably in the hundreds not thousands.
"We are coming towards an election year. We want to get this [hack and leak threat] more into the bloodstream - so people are more aware."
Officials in the UK and US have not seen evidence of the intent behind the hackers gathering information from British public and political figures, but there are concerns the mass of information gathered could be used in an attempt to sway next year's general election.
A vast amount of data has been gathered by individuals operating on behalf of the Russian intelligence service, according to a Western official who spoke to Sky News.
"We are coming into an election year," the official said. "We want to get this [hack and leak threat] more into the bloodstream - so people are more aware."
Asked whether the hackers had information they could leak to try to disrupt the election next year, the official said: "There is no evidence of that intent. There is that possibility. They have collected a lot of information."
The information accessed is not limited to emails - it also includes private files and confidential details of contacts.
Only a small proportion of the significant array of personal data is thought to have been leaked, leaving a significant amount of personal information about public figures at the hackers' disposal to divulge at a later date - perhaps coinciding with the UK's general election next year.
The attacks cited by the government include a 2018 hack on the Institute for Statecraft think-tank and the leak of US-UK trade documents, which former Labour leader Jeremy Corbyn used in his 2019 general election campaign.
The think-tank's founder Christopher Donnelly was also targeted by the FSB in December 2021, with documents subsequently leaked, the Foreign Office said.
A source close to Mr Donnelly said he was "really pleased" by today's announcement.
Sir Richard Dearlove, the former head of MI6, was another apparent high-profile target.
He said he had been through "many more dramatic and worse things" than being hacked and "was not particularly concerned about it" but it "caused a huge amount of disruption".
"We are in a state of grey warfare with the Russians short of open aggression and conflict," he said.
"They will do anything to undermine critical infrastructure, national security and attack any of our institutions that are not pro-Russia."
The Foreign Office said sanctions would be imposed on Andrey Stanislavovich Korinets, AKA Alexey Doguzhiev, and FSB intelligence officer Ruslan Aleksandrovich Peretyatko.
It is understood the ambassador, Andrei Kelin, was unavailable when summoned and officials instead met a senior member of the Russian government to express concerns over the attempts to interfere in democratic processes.
Foreign Secretary David Cameron said: "Russia's attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes.
"Despite their repeated efforts, they have failed.
"In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.
"We will continue to work together with our allies to expose Russian covert cyber activity and hold Russia to account for its actions."
The announcement in the Commons came as Deputy Prime Minister Oliver Dowden made a speech warning that critical government services, including the military, the NHS, schools, and road and rail networks are being targeted by cyber criminals.
"The greatest risks still emanate from the usual suspects, China, Iran, North Korea and Russia, but they’re increasingly using Wagner-style sub-state hackers to do their dirty work," he said.
"Our political processes and institutions will of course continue to endure in spite of these attacks, but what they serve to prove is that the cyber attack posed by Russian intelligence services is real and it is serious.
"It is a stark reminder that as we in government develop our capabilities, so do our adversaries and those who do their bidding."
-sky news