 in the UK exposed Russian cyber attacks targeting political processes. Learn more about the impact and implications of these revealed attacks.){kind=link}
- The NCSC has firmly attributed a long-running campaign of cyber attacks targeting UK political processes to a group run out of Russia’s FSB intelligence agency, known as Star Blizzard
- By Alex Scroxton, Security Editor
Published: 07 Dec 2023 12:45
The UK’s National Cyber Security Centre, working alongside international allies, has called out a series of sustained and, as-yet, unsuccessful attempts by Russian state-backed cyber actors to interfere in British politics and democratic processes, attributing the group responsible to Centre 18 of Russia’s Federal Security Service (FSB), the main successor agency to the Cold War KGB.
The NCSC, and its Five Eyes allies, had previously published an advisory on the group in question’s alleged activity in January 2023, but are now able to firmly attribute the campaign. They have designated the group Star Blizzard – although it has previously gone by many other names, including Cold River and Seaborgium.
Its activities have included the targeting of high-profile individuals spear-phishing in a sustained campaign dating back almost a decade, the compromise of UK-US trade documents leaked before the 2019 General Election, and a cyber attack on the Institute for Statecraft anti-disinformation think tank and its founder. Among some of its more prominent victims were a former MI6 chief who, as previously reported by Computer Weekly, saw his emails hacked and communications, including details of his involvement with a group of prominent individuals pushing for a hard Brexit, exposed. It has also targeted universities, journalists, public sector bodies, non-governmental organisations (NGOs) and other civil society organisations. Its ultimate aim is to selectively leak information obtained through cyber espionage and amplify its release in line with Russia’s geopolitical goals, or to undermine trust in UK politics.
The NCSC, and its Five Eyes allies, had previously published an advisory on the group’s alleged activity in January 2023, but are now able to firmly attribute the campaign. “Defending our democratic processes is an absolute priority for the NCSC and we condemn any attempt which seeks to interfere or undermine our values,” said NCSC operations director Paul Chichester. “Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable, and we are resolute in calling out this pattern of activity with our partners. Individuals and organisations which play an important role in our democracy must bolster their security and we urge them to follow the recommended steps in our guidance to help prevent compromises.”
The NCSC is today issuing revised guidance to help individuals at high risk of compromise put measures in place to protect their devices and online accounts, including taking steps to set up multi-factor authentication (MFA), improve credential hygiene and install security updates to their devices. This can be accessed via its microsite here.