Russian Intelligence Services have been engaging in a sustained cyber campaign aimed at interfering in UK politics and democratic processes.
The National Cyber Security Centre (NCSC), part of GCHQ, alongside international partners, have identified the threat group responsible as Star Blizzard, linking it to Centre 18 of Russia’s Federal Security Service (FSB).
The malicious activities conducted by Star Blizzard include targeting UK parliamentarians through spear-phishing since at least 2015, compromising UK-US trade documents leaked before the 2019 General Election and the 2018 compromise of the Institute for Statecraft, a UK think tank focused on defending democracy against disinformation.
The group has also reportedly targeted universities, journalists, public sector entities, NGOs and other civil society organizations involved in UK democracy. The malicious actors selectively leaked information to undermine trust in politics in the UK and other like-minded states, aligning with Russian confrontation goals.
“Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable, and we are resolute in calling out this pattern of activity with our partners,” said NCSC Director of Operations, Paul Chichester.
To address the threat, the NCSC and partners from the United States, Australia, Canada and New Zealand have issued a new cybersecurity advisory sharing technical details on the attackers' methods and providing guidance on defense strategies.
NCSC Releases new Guidelines
The NCSC has also released new guidelines for high-risk individuals, including politicians and journalists, to enhance their resilience to potential cyber-threats.
“Individuals and organizations that play an important role in our democracy must bolster their security, and we urge them to follow the recommended steps in our guidance to help prevent compromises,” Chichester urged.
According to the NCSC, the exposed malicious activities are part of a broader pattern of cyber operations conducted by Russian Intelligence Services globally. The NCSC had previously detailed the activities of the Star Blizzard group, also known as Callisto Group, Cold River and formerly Seaborgium, earlier this year.
This joint advisory comes in the wake of previous exposures, including the role of Russian Intelligence in compromises affecting ViaSat, SolarWinds and the targeting of critical national infrastructure.
Russian Interference 'Unsurprising'
"The news that Russia has been targeting British politics should come as no surprise. However, the official announcement of this is not as expected. This sets a clear marker that the UK will not tolerate this behavior," commented Adam Pilton, cybersecurity consultant at CyberSmart.
Pilton, a former cybersecurity law enforcement agent, noted that UK representatives will be working closely with international partners to develop and share intelligence, enhancing our defences against further attacks.
"This statement, however, is likely to be the first of many others in the lead-up to the elections in the UK and the US in 2024. Politicians, civil servants, journalists and NGOs are key players within our democracy and although the threat may seem distant to most of us, it is very real in the context of our democracy," he added.
Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems (ACDS), concurred that it is unsurprising to find that the Russian security and intelligence apparatus has been engaging in persistent attacks on individuals and organisations with ties to government and security in the UK.
"The hope with these disclosures is that by naming the agency and specific team responsible, and calling the Russian diplomatic corps to answer on their behalf, is part of a recent trend by Western governments in ‘attribution’, a kind of ‘naming and shaming’ of those responsible for illegal activities," he added.