WIREDGOV

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

• The UK and international allies call out sustained, unsuccessful attempts to interfere in UK politics and democratic processes by Russian state cyber actors
• GCHQ’s National Cyber Security Centre assesses the threat group responsible is almost certainly subordinate to Centre 18 of Russia’s Federal Security Service (FSB)
• High-risk individuals – including politicians and journalists – encouraged to follow refreshed guidance, published today, to help defend against online threats

THE UK and international partners have today (Thursday) called out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes.

The National Cyber Security Centre (NCSC) – a part of GCHQ – assesses that Star Blizzard, a group that has been identified using cyber operations to target high-profile individuals and entities, is almost certainly subordinate to Centre 18 of Russia’s Federal Security Service (FSB). The malicious activity has included:

• Targeting, including spear-phishing, of UK parliamentarians from multiple political parties, from at least 2015 through to this year;
• The compromise of UK-US trade documents that were leaked ahead of the 2019 General Election;
• The 2018 compromise of the Institute for Statecraft, a UK thinktank whose work included initiatives to defend democracy against disinformation, and the more recent hack of its founder Christopher Donnelly, whose account was compromised from December 2021; in both instances documents were subsequently leaked.
• Targeting of universities, journalists, public sector, NGOs and other Civil Society organisations, many of whom play a key role in UK democracy.

The group has also selectively leaked information obtained through its operations and amplified the release in line with Russian confrontation goals, including to undermine trust in politics in the UK and likeminded states

The UK Foreign Secretary David Cameron has described these attempts to interfere in UK politics as “completely unacceptable” seeking to threaten our democratic processes.

To support the announcement, the NCSC and partners from the United States, Australia, Canada and New Zealand, have issued a new cyber security advisory, sharing technical details about how the actors carry out attacks and how targets can defend against them.

Today, the NCSC has also published refreshed guidance for individuals at higher risk of being targeted by capable actors so as to help improve their resilience to a range of potential cyber threats.

Paul Chichester, NCSC Director of Operations, said:

Defending our democratic processes is an absolute priority for the NCSC and we condemn any attempt which seeks to interfere or undermine our values.

Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable and we are resolute in calling out this pattern of activity with our partners.

Individuals and organisations which play an important role in our democracy must bolster their security and we urge them to follow the recommended steps in our guidance to help prevent compromises.

The refreshed guidance is designed to help high-risk individuals improve their security posture by putting measures in place to protect their devices and online accounts. This includes setting up two-step verification, creating strong passwords and installing updates promptly.

The malicious activity exposed today is part of a broader pattern of cyber activity conducted by the Russian Intelligence Services across the globe.

In recent years the UK and allies have exposed Russian Intelligence for their role in compromises affecting ViaSat, SolarWinds, and targeting of critical national Infrastructure.

In May, the NCSC alongside partners in the US, Australia, Canada, and New Zealand exposed a sophisticated cyberespionage tool designed and used by Centre 16 of Russia’s FSB for long-term intelligence collection on sensitive targets.

The NCSC previously published details about the activity undertaken by the Star Blizzard group, also known as Callisto Group, Cold River and formerly Seaborgium, earlier this year.

In an advisory, it warned of Russia-based actors carrying out targeted spear-phishing attacks for information-gathering purposes. The new advisory formally attributes this activity for the first time and provides the latest threat information and mitigation advice to help reduce the chances of compromise.

This advisory has been jointly issued by the NCSC, the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cyber National Mission Force (CNMF), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).

It can be read in full here on the NCSC website.