What we know about Russian 'Star Blizzard' accused of years of cyberattacks on UK

By John Mercury December 8, 2023

Russian cyberattackers have been accused of targeting British democracy ahead of next year’s general election.

The UK says MPs, journalists, think tanks and an ex-head of MI6 are among those to have been in the sights of hacking operations linked to the Kremlin.

Here’s everything we know so far.

Who is behind the attacks?

Russia’s FSB Centre 18 has been named by the UK as the source of the attacks.

In intelligence circles, it also goes by other names, including Iron Frontier and Star Blizzard.

The UK has named two specific members: Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.

The FSB, or Federal Security Service, is Moscow’s spy agency.

A previous report for the US Congress on Russian cyber units identified Centre 18 as one of two primary hubs overseeing the FSB’s security and cyber operations, along with Centre 16.

Rafe Pilling, director of threat intelligence at cybersecurity firm Secureworks, said the two were responsible for a “significant proportion of offensive Russian cyberactivity”.

When Centre 18 is involved, it suggests an attack is a “state-directed endeavour”, he added.

Its officers were indicted in 2017 for breaching US internet company Yahoo and millions of email addresses, and Ukrainian intelligence has also found evidence of it having a presence in Russian-occupied Crimea.

FSB units like Centre 18 are believed to be capable of manufacturing their own advanced malware, designed to damage and steal data from a victim’s computer systems.

They are also thought to work with criminal Russian hacking groups like Cosy Bear, Fancy Bear, and Sandworm.

What do they do?

Phishing emails, which involve hackers attempting to trick targets into revealing sensitive information, are a common tactic.

Mr Pilling said they had become “more sophisticated” over time, with hackers going through multiple stages of exchanging emails to gain trust before delivering a malicious payload – like malware – to steal data.

Given its links to Moscow, Centre 18 is primarily concerned with targeting diplomats, politicians, and other organisations and individuals in the public sector.

Mr Pilling described their operations as “bread and butter spy work”.

“Spies go where the information is – and people’s mailboxes are where a significant chunk of this is,” he said.

“It’s quite traditional espionage.”

How has the UK been targeted?

Britain believes hackers associated with Centre 18 have targeted “high-profile people within the political sphere”, journalists, and think tanks over several years.

They are accused of hacking and leaking information in a bid to influence British elections.

This includes a leak of UK-US trade documents, which were brandished by then Labour leader Jeremy Corbyn before the 2019 general election, and an attack that same year on the Institute for Statecraft.

Other targets have allegedly included the NHS, schools, and former MI6 chief Sir Richard Dearlove.

Deputy Prime Minister Oliver Dowden said 40% of attacks were against the public sector, including a “complex” operation against the Electoral Commission.

Hackers have plenty of data left to leak – and the timing could be a serious problem
Officials in the UK and US have not seen evidence of the intent behind the hackers gathering information from British public and political figures, but there are concerns the mass of information gathered could be used in an attempt to sway next year’s general election.

A vast amount of data has been gathered by individuals operating on behalf of the Russian intelligence service, according to a Western official who spoke to Sky News.

“We are coming into an election year,” the official said. “We want to get this [hack and leak threat] more into the bloodstream – so people are more aware.”

Asked whether the hackers had information they could leak to try to disrupt the election next year, the official said: “There is no evidence of that intent. There is that possibility. They have collected a lot of information.”

The information accessed is not limited to emails – it also includes private files and confidential details of contacts.

Only a small proportion of the significant array of personal data is thought to have been leaked, leaving a significant amount of personal information about public figures at the hackers’ disposal to divulge at a later date – perhaps coinciding with the UK’s general election next year.

The UK’s intelligence agencies have accused Russian hacking groups of targeting the country before, but these have not always been linked directly to the Kremlin’s bureaus.

In September, the government sanctioned 11 members of the Trickbot group for targeting British hospitals during the COVID pandemic. They would later offer support for Vladimir Putin’s invasion of Ukraine.

Last month, Russian group Killnet took responsibility for an attack on the Royal Family’s official website.

This week, groups linked to Russia and China were accused of hacking IT systems at the Sellafield nuclear site.

How concerned should we be?

Mr Dowden said the goal of Russia and other hostile actors like Iran and China was to undermine elections.

“The new frontline is online,” he said of the threats facing the UK and its allies.

But the government has insisted Russia’s efforts have not been successful.

“Despite their repeated efforts, they have failed,” said Foreign Secretary David Cameron.

Mr Pilling said the attacks “tend not to have the impact the Russians would like”, but that they would likely continue despite the UK’s decision to name and shame suspects.

Russia was accused of interfering in the 2016 US election and Brexit referendum, and will likely look to target both countries’ elections in 2024.

The National Cyber Security Centre, along with the UK, Australia, New Zealand, and Canada, is set to publish new cybersecurity advice to help high-profile targets defend themselves from future attacks.
