Russia’s intelligence service has carried out a yearslong cyberattack campaign against high-profile politicians, public service staff members, journalists and others, according to the British government, as part of what it called “unsuccessful attempts to interfere in U.K. political processes.”
The announcement comes as Britain and the United States are preparing for major elections, and the assessment of the attacks points to possible attempts to interfere in Britain’s last general election in 2019.
Britain’s Foreign Office, in a statement released on Thursday, said a group “almost certainly” linked to the Russian intelligence service engaged in sustained cyberespionage operations, including attacks that targeted lawmakers from across the political spectrum using spear-phishing attacks, or malicious emails, beginning as early as 2015.
The group also “selectively leaked and amplified the release of information in line with Russian confrontation goals, including to undermine trust in politics in the U.K. and like-minded states,” the Foreign Office said, drawing from an investigation from Britain’s intelligence agency.
Some of that information, including hacked trade documents between Britain and the United States, was leaked ahead of Britain’s general election in 2019.
Universities, journalists, the public sector, charities and other organizations were also targeted, according to the government, which warned that while Russia’s attempts to undermine democracy have been so far unsuccessful, they are likely to continue.
Russia did not immediately respond to Britain’s accusations, but it has in the past denied any state-sponsored attacks against other countries or entities.
The British statement also linked a 2018 hack of the Institute for Statecraft, a British research organization focused on disinformation, and a 2021 hack of a founder of that organization, whose account was compromised. “In both instances documents were subsequently leaked,” the statement said.
The group identified by the British authorities is often known as Star Blizzard, and has a history of conducting “hack and leak” campaigns, in which stolen information is then leaked publicly to influence public opinion in a targeted country, Microsoft, which has been tracking the group since 2017, said last year.
Before starting an attack, the group is known to conduct reconnaissance of the people it is targeting, including identifying contacts from their social networks or “sphere of influence,” Microsoft said. Using names collected from that research, the group then creates fake LinkedIn profiles, email addresses and social media accounts to trick their targets into engaging in a correspondence. At a certain point, they include an infected file in the communications to get access to the target’s data.
The hacks fit a pattern of Russian behavior stretching back more than a decade. Russia-aligned groups have been accused of infiltrating government agencies, multinational corporations and other organizations across the United States and Europe. Mixed with online disinformation campaigns, the incursions have tried to influence elections, conduct espionage and sow social discord among Western democracies.
Even as the United States and European allies have bolstered their cyberdefenses, the attacks disclosed on Thursday show how any protections can be undercut by a simple mistake by an individual who clicks or downloads malicious files.
Russia has denied past accusations of hacking.
David Cameron, Britain’s recently appointed foreign secretary who previously served as the country’s prime minister, said in a statement that the attempts by Russia “to interfere in U.K. politics are completely unacceptable and seek to threaten our democratic processes.”
“Despite their repeated efforts, they have failed,” he said. “In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.”
In addition to summoning the Russian ambassador to Britain, the British government announced sanctions against two people linked to Star Blizzard. That group, the government said, was “almost certainly subordinate” to Center 18, a unit of the F.S.B., Russia’s Intelligence Services, that it said directed the cyberespionage operations.
The two people named in the sanctions are Ruslan Aleksandrovich Peretyatko, who Britain said is a Russian F.S.B. intelligence officer and a member of Star Blizzard; and Andrey Stanislavovich Korinets, who is also a member of Star Blizzard.
Britain’s National Cyber Security Center, part of its intelligence service, said that it had issued a new cybersecurity advisory, along with Australia, Canada, New Zealand and the United States, and published updated guidance for people at higher risk of cyberthreats.
“Russia’s use of cyberoperations to further its attempts at political interference is wholly unacceptable, and we are resolute in calling out this pattern of activity with our partners,” said Paul Chichester, the center’s director of operations, adding that “individuals and organizations which play an important role in our democracy must bolster their security.”
