UK accuses Russia of cyber interference targeting elections and democracy
The government has imposed sanctions on two Russian nationals for their involvement in spearphishing operations
The UK government has accused Russia's intelligence services of attempting to interfere in UK politics and democratic processes through a sustained cyber-espionage campaign.
The National Cyber Security Centre (NCSC), a division of GCHQ, attributed these activities to the group known as Star Blizzard, asserting its likely affiliation with Centre 18 of Russia's Federal Security Service (FSB).
The malicious cyber activity orchestrated by Star Blizzard encompasses a range of tactics, including spearphishing attacks on UK parliamentarians across multiple political parties since 2015.
The group was also responsible for compromising and leaking UK-US trade documents before the 2019 General Election and infiltrating the Institute for Statecraft, a UK think tank focused on defending democracy against disinformation, in 2018.
The campaign extends to targeting universities, the public sector, journalists, NGOs and various civil society organisations, all integral to the democratic process in the UK.
Star Blizzard has engaged in selectively leaking information obtained through its operations, amplifying releases to align with Russian confrontation goals, thereby undermining trust in politics not only in the UK but also in like-minded states.
UK Foreign Office minister Leo Docherty, addressing the House of Commons, underscored the severity of the cyber threat posed by Russian intelligence services, describing it as "real and serious".
Docherty highlighted the sophisticated tactics employed by the attackers, including the creation of false accounts on social media platforms and networking sites to build trust before delivering malicious content.
Foreign secretary David Cameron strongly condemned these attempts to interfere in UK politics, deeming them "completely unacceptable" and a direct threat to the democratic process.
Paul Chichester, NCSC director of operations, expressed the organisation's commitment to defending the democratic process. Chichester urged individuals and organisations integral to democracy to enhance their security measures and follow the recommended guidelines to prevent compromises.
The announcement follows previous concerns expressed by MPs, with instances of cyber interference reported, including a 2017 cyberattack on Parliament. However, this marks the government's most explicit acknowledgment of systematic Russian attempts to interfere in the UK's democratic processes.
The government has imposed sanctions on Ruslan Aleksandrovich Peretyatko, an FSB intelligence officer, and Andrey Stanislavovich Korinets, a member of Star Blizzard, for their involvement in spear-phishing operations.
The Russian ambassador to the UK was also summoned to hear Britain's concerns over the interference.
While Russia has faced suspicions of meddling in UK politics before, including in the Brexit referendum, the current allegations have brought renewed scrutiny.
The Conservative government has been criticised for its perceived failure to investigate previous instances of Russian interference, raising questions about the broader implications for the integrity of democratic processes in the UK and beyond.
The UK and its allies have previously exposed Russia's involvement in compromises affecting SolarWinds, ViaSat, and critical national infrastructure.
In May, the NCSC, alongside its international partners, uncovered a sophisticated cyberespionage tool used by Centre 16 of Russia's FSB.
Commenting on the fresh allegations against Russian agencies, Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, said the revelations should come as no surprise, and nor should the identity of the accused actor.
"The attribution to BlueCharlie (aka Callisto, Seaborgium, Coldriver and StarBlizzard), also comes as no surprise. Despite being agile and sophisticated, such APT groups continue to use rudimentary techniques—largely because they work.
"To prevent domain impersonation, organisations can regularly monitor domain registrations to detect any suspicious or unauthorised registrations."
User eduction to raise awareness of the risks, and deploying email security protocols such as SPF and DKIM can help verify the authenticity of email senders and prevent domain spoofing, he added.