Canada and its Five Eyes allies have issued a joint cybersecurity threat advisory warning of Russian cyberattacks after the British government said it had revealed a years-long hacking plot led by a group aligned with the Russian Federal Security Service (FSB).
The British Foreign Office said on Thursday that the hacking group, known as “Star Blizzard” and working on behalf of the FSB, had targeted British politicians, journalists, universities and non-profit groups for several years. The group sought to obtain information with the aim of “interfering in British politics and democratic processes”, the office said in a statement.
In its own statement, the US Treasury Department said the group had also “targeted critical US government networks”.
In response, the UK and US imposed sanctions on two Russian members of the Star Blizzard group, one of whom is a Russian FSB intelligence officer. The UK also summoned the Russian ambassador over the issue.
“Russia’s attempts to interfere in British politics are completely unacceptable and are intended to threaten our democratic processes,” British Foreign Secretary David Cameron said in a statement.
“Despite their repeated efforts, they failed.”
The British Foreign Office said that while some of Star Blizzard’s attacks resulted in leaked documents, overall attempts to interfere in British politics and democracy “were unsuccessful.”
The joint advisory from the Canadian Centre for Cyber Security and cybersecurity agencies from the United States, United Kingdom, Australia and New Zealand warned that Star Blizzard was responsible for a series of “spear phishing” attacks, which target specific victims. Actors will pose as otherwise trustworthy people in order to obtain information from a target.
In the case of Star Blizzard, according to warnings issued Thursday, the group is going after the email accounts of its targets. According to the U.S. Treasury, the phishing campaigns are designed “to obtain and potentially exfiltrate sensitive information in order to advance the Kremlin’s political objectives.”
The advisory urges organizations in the academic, defense, and government sectors, as well as NGOs, think tanks, and politicians, to take mitigation steps outlined by cybersecurity agencies to protect against phishing attacks.
“Russia’s malicious cyber activities and massive disinformation campaigns are unacceptable and must stop,” Canadian Foreign Minister Mélanie Joly, Defense Minister Bill Blair and Public Safety Minister Dominic LeBlanc said in a joint statement “strongly” condemning the Russian cyber campaign against the United Kingdom.
“These incidents highlight a pattern of disruptive cyber activity that demonstrates repeated disregard for the rules-based international system. This activity also demonstrates Russia’s willingness to use its cyber capabilities irresponsibly.”
The Russian embassy in the UK confirmed in a statement that its ambassador had been summoned in London over the matter, but said the “unfounded” allegations were based on “shelved myths” intended to bolster the Conservative government’s policy position.
“Once again, the British side has presented its fabricated allegations that Russia is carrying out cyberattacks, including those targeting the United Kingdom’s electoral process,” the embassy said in a statement.
“In response, the Russian side stated that in the absence of concrete evidence, it saw no reason to consider these insinuations credible.”
The group is headquartered at Center 18 of the FSB
According to the UK government’s notice and announcement, Star Blizzard – also known as Cold River, Callisto and Seaborgium – is part of Center 18, one of two known cyberespionage units of the FSB, which is itself the successor agency to the old KGB.
The UK said Star Blizzard was behind spear phishing attacks against parliamentarians from several political parties from at least 2015 until this year, as well as a number of high-profile hacks of British intelligence officers and think tanks. It said the group was responsible for hacking and leaking UK-US trade documents ahead of the 2019 UK general election.
The two individuals sanctioned by the United States and the United Kingdom – identified as Ruslan Aleksandrovich Peretyatko, an FSB intelligence officer, and Andrey Stanislavovich Korinets, a computer scientist and member of Star Blizzard – are presented as the main perpetrators of the spear phishing attacks.
The U.S. Treasury said Korinets conspired with Peretyatko to break into victims’ computer systems in an attempt to trick their targets into clicking on malicious links. In one case, the department said, those links were sent at least 20 times by a fake email account designed to impersonate a retired U.S. Air Force general.
The US Department of Justice on Thursday also unsealed a grand jury indictment charging Peretyatko and Korinets “with a campaign of hacking computer networks in the United States, the United Kingdom, other member countries of the North Atlantic Treaty Organization and Ukraine, all in the name of the Russian government”.
The indictment, which was returned Tuesday by a federal grand jury in San Francisco, accuses the two men and unindicted co-conspirators of targeting current and former members of the U.S. intelligence community and the Defense and State departments, as well as defense contractors and U.S. Energy Department facilities, between at least 2016 and 2022.
The US State Department announced it would offer rewards of up to $10 million for information leading to the location and arrest of Peretyatko and Korinets.
Marcus Kolga, a senior fellow at the Macdonald Laurier Institute who focuses on cybersecurity and Russian foreign policy, said the FSB’s involvement in overseas cyberespionage campaigns should come as no surprise.
“The GRU (Russia’s foreign military intelligence agency) and the FSB, one of them may be more active than the other at different times, but they represent the same threat and ultimately work toward the same objective,” he told Global News.
“This type of cyberhacking threat from Russia is persistent,” he added, calling it “standard operating procedure” for the Kremlin.
He said governments, including Canada, that face these threats have a responsibility to directly alert organizations and individuals targeted by Russian activities, saying issuing statements and advisories is not enough.
“Ultimately, these types of phishing campaigns prey on human error,” he said, making education on how to counter such attacks crucial.
—with files from Reuters