Canada and its Five Eyes allies have issued a joint cybersecurity threat advisory warning of Russian cyberattacks after the British government said it exposed a years-long hacking plot by a group aligned with Russia’s Federal Security Service (FSB).
The U.K. foreign office said Thursday that the hacking group, known as “Star Blizzard” and working on behalf of the FSB, targeted British politicians, journalists, universities and non-profit groups over a period of several years. The group sought to obtain information with the intent “to interfere in U.K. politics and democratic processes,” the office said in a statement.
In its own statement, the U.S. Treasury Department said the group has also “targeted U.S. critical government networks.”
In response, the U.K. and the U.S. imposed sanctions on two Russian members of the Star Blizzard group, one of whom is a Russian FSB intelligence officer. The U.K. also summoned the Russian ambassador over the issue.
“Russia’s attempts to interfere in U.K. politics are completely unacceptable and seek to threaten our democratic processes,” British Foreign Secretary David Cameron said in a statement.
“Despite their repeated efforts, they have failed.”
The U.K. foreign office said that while some of Star Blizzard’s attacks have resulted in leaked documents, the overarching attempts to interfere in British politics and democracy “have not been successful.”
The joint advisory from Canada’s Canadian Centre for Cyber Security and the cybersecurity agencies of the U.S., U.K., Australia and New Zealand warned Star Blizzard is responsible for a series of “spear-phishing” attacks, which are targeted towards specific victims. Actors will impersonate otherwise trusted individuals in order to obtain information from a target.
In Star Blizzard’s case, according to the warnings issued Thursday, the group targets the email accounts of its targets. According to the U.S. Treasury, the phishing campaigns are designed “to obtain and potentially exfiltrate sensitive information to advance the Kremlin’s policy goals.”
The advisory urges organizations in the academic, defence and government sectors, as well as NGOs, think-tanks and politicians, to take mitigation steps outlined by the cybersecurity agencies to protect themselves from phishing attacks.
“Russia’s malicious cyber activity and its egregious disinformation campaigns are unacceptable and must stop,” Canada’s Foreign Affairs Minister Melanie Joly, Defence Minister Bill Blair and Public Safety Minister Dominic LeBlanc said in a joint statement that “strongly” condemned the Russian cyber campaign against the U.K.
“These incidents underline a pattern of disruptive cyber activity that demonstrate a repeated disregard for the rules-based international system. This activity also demonstrates the willingness of Russia to use its cyber capabilities irresponsibly.”
The Russian embassy in the U.K. confirmed in a statement its ambassador was summoned by London over the issue, but said the “unfounded” allegations were based on “mothballed myths” designed to boost the Conservative government’s political standing.
“Yet again the British side presented their invented claims of Russia conducting cyberattacks, including those allegedly targeting the U.K.’s electoral process,” the embassy said in a statement.
“In response the Russian side stated that in the absence of concrete evidence it saw no reason to regard these insinuations as credible.”
Group sits within FSB's Centre 18
According to the advisory and the U.K. government announcement, Star Blizzard — also known as Cold River, Callisto and Seaborgium — sits within Centre 18, one of two known cyber espionage units of the FSB, which itself is the successor agency of the former KGB.
The U.K. said Star Blizzard has been behind spear-phishing attacks on parliamentarians from multiple political parties since at least 2015 through this year, as well as a number of high-profile hacks of British intelligence officers and thinktanks. It said the group was responsible for the hack-and-leak of U.K.-U.S. trade documents ahead of the 2019 general election in the U.K.
The two individuals sanctioned by the U.S. and U.K. — identified as Ruslan Aleksandrovich Peretyatko, an FSB intelligence officer, and Andrey Stanislavovich Korinets, an IT worker and member of Star Blizzard — are portrayed as the key perpetrators of the spear-phishing attacks.
The U.S. Treasury said Korinets conspired with Peretyatko to break into victims’ computer systems in a bid to trick their targets into clicking on malicious links. In one case, the department said, those links were sent at least 20 times by a spoof email account designed to impersonate a retired U.S. Air Force general.
The U.S. Department of Justice on Thursday also unsealed a grand jury indictment against Peretyatko and Korinets “with a campaign to hack into computer networks in the United States, the United Kingdom, other North Atlantic Treaty Organization member countries and Ukraine, all on behalf of the Russian government.”
The indictment, which was delivered by a federal grand jury in San Francisco on Tuesday, accuses the pair and unindicted co-conspirators of targeting current and former members of the U.S. intelligence community, defence and state departments, as well as defence contractors and U.S. Energy Department facilities between at least 2016 and 2022.
The U.S. State Department said it is offering rewards of up to US$10 million for information that will lead to Peretyatko and Korinets’ whereabouts and arrests.
Marcus Kolga, a senior fellow at the Macdonald Laurier Institute who focuses on cybersecurity and Russian foreign policy, said the FSB’s involvement in cyber espionage campaigns abroad shouldn’t come as a surprise.
“The GRU (Russia’s foreign military intelligence agency) and the FSB, one of them may be more active than the other at different times, but they pose the same threat and they are ultimately working toward the same goal,” he told Global News.
“This type of cyber hacking threat by Russia is persistent,” he added, calling it “normal operating procedure” for the Kremlin.
He said governments including Canada who are facing these threats have a responsibility to directly alert organizations and individuals who are targeted by Russia’s activities, saying the issuing of statements and advisories isn’t enough.
“Ultimately, these kinds of phishing campaigns prey upon human error,” he said, making education on how to counter such attacks crucial.
—with files from Reuters