Russian hackers used ‘spear-phishing’ to steal information from UK politicians, government says

The Russian security service has compromised the private conversations of high-profile politicians and civil servants as it tried to interfere in UK political processes, according to the government.

The Foreign Office has summoned the Russian ambassador and sanctioned two members of the “Star Blizzard” group, which is believed to be controlled by the Centre 18 unit of the FSB, including an intelligence officer in the Russian security service.

MPs, Lords, civil servants, journalists and others have been targeted in attempts to “meddle in British politics”, Foreign Office minister Leo Docherty told MPs.

There are understood to have been hundreds of victims of attempted hacks across the UK, including many high-profile names, with personal email accounts, as well as corporate and business addresses targeted.

The group had “selectively leaked and amplified information” since 2015 using a technique known as “spear-phishing” to steal information from a “significant” number of parliamentarians from multiple political parties, Mr Docherty said in the Commons.

He said the “sophisticated” cyber attacks involved “thorough research and preparation” including “impersonating contacts”.

Who is behind the attacks?

Tom Acres

Technology reporter


Russia’s FSB Centre 18 has been named by the UK as the source of the attacks.

In intelligence circles, it also goes by the names Iron Frontier and Star Blizzard.

The UK has named two specific members: Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.

The FSB, or Federal Security Service, is Moscow’s spy agency.

A previous report for the US Congress on Russian cyber units identified Centre 18 as one of two primary hubs overseeing the FSB’s security and cyber operations, along with Centre 16.

Rafe Pilling, director of threat intelligence at cybersecurity firm Secureworks, said the two are responsible for a “significant proportion of offensive Russian cyberactivity”.

When Centre 18 is involved, it suggests an attack is a “state-directed endeavour”, he added.

Its officers were indicted for breaching US internet company Yahoo and millions of email addresses in 2017, and Ukrainian intelligence has also found evidence of it having a presence in Russian-occupied Crimea.

FSB units like Centre 18 are believed to be capable of manufacturing their own advanced malware, designed to damage and steal data from a victim’s computer systems.

They are also thought to work with criminal Russian hacking groups like Cosy Bear, Fancy Bear, and Sandworm.

An official told Sky News: “Russia is targeting the UK’s democratic process.”

The group “acquires information for the Russian state. It is a group that supports FSB Centre 18.

“This information is used to undermine the West in various ways,” they said. “This group has acquired a vast amount of data.

“It is very targeted – the number [of known hacks] is probably in the hundreds not thousands.

“We are coming towards an election year. We want to get this [hack and leak threat] more into the bloodstream – so people are more aware.”

The attacks cited by the government include a 2018 hack on the Institute for Statecraft think-tank and the leak of US-UK trade documents, which Jeremy Corbyn used in his 2019 general election campaign.

The think-tank’s founder Christopher Donnelly was also targeted by the FSB in December 2021, with documents subsequently leaked, the Foreign Office said.

A source close to Mr Donnelly said he was “really pleased” by today’s announcement.

Sir Richard Dearlove, the former head of MI6, was another apparent high-profile target.

He said he had been through “many more dramatic and worse things” than being hacked and “was not particularly concerned about it” but it “caused a huge amount of disruption”.

“We are in a state of grey warfare with the Russians short of open aggression and conflict,” he said.

“They will do anything to undermine critical infrastructure, national security and attack any of our institutions that are not pro-Russia.”

The Foreign Office said sanctions would be imposed on Andrey Stanislavovich Korinets, AKA Alexey Doguzhiev, and FSB intelligence officer Ruslan Aleksandrovich Peretyatko.

It is understood the ambassador was unavailable when summoned and officials instead met with a senior member of the Russian government to express concerns over the attempts to interfere in democratic processes.

Foreign Secretary David Cameron said: “Russia’s attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes.

“Despite their repeated efforts, they have failed.

“In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.

“We will continue to work together with our allies to expose Russian covert cyber activity and hold Russia to account for its actions.”

The announcement in the Commons came as Deputy Prime Minister Oliver Dowden made a speech warning that critical government services, including the military, the NHS, schools, and road and rail networks are being targeted by cyber criminals.

“The greatest risks still emanate from the usual suspects, China, Iran, North Korea and Russia, but they’re increasingly using Wagner-style sub-state hackers to do their dirty work,” he said.

“Our political processes and institutions will of course continue to endure in spite of these attacks, but what they serve to prove is that the cyber attack posed by Russian intelligence services is real and it is serious.

“It is a stark reminder that as we in government develop our capabilities, so do our adversaries and those who do their bidding.”

