MANCHESTER, ENGLAND – NOVEMBER 15: Prime Minister Boris Johnson addresses his supporters prior to boarding his General Election campaign trail bus on November 15, 2019 in Manchester, England. (Photo by Frank Augstein-WPA Pool/Getty Images)

Leaked emails from several prominent pro-Brexit figures have been published on a website called “Very British Coop d’Etat.” The perpetrators are thought to be Russian state-sponsored cybercriminals.

Boris Johnson has been labelled a “sneaky strawhead” on a website that has allegedly published emails from leading pro-Brexit figures. (Photo by Frank Augstein-WPA Pool/Getty Images)

Emails allegedly from the accounts of former head of MI6 Richard Dearlove, ex-Labour MP and leading Brexit campaigner Baroness Stuart, and pro-Brexit historian Richard Tooms, among others, have been leaked on the site.

The site claims that the leaked messages show that a group of pro-Brexit figures is secretly controlling the United Kingdom, alleging that there was a ‘deep state’ plot to place Boris Johnson at the head of the UK government instead of Theresa May.

Emails purporting to be from Dearlove’s account on encrypted email service ProtonMail feature prominently on the site.

Brexit email leak: conspiracy or legitimate lobbying exercise?

Dearlove, who led MI6 between 1999 and 2004, told Reuters “I am well aware of a Russian operation against a Proton account which contained emails to and from me.” He told reporters that the emails demonstrate nothing sinister, and instead show a “legitimate lobbying exercise.” 

The campaign has been referred to as “clumsy” and “disinformation” by Shane Huntley, director of Google‘s Threat Analysis Group, who first spotted the site. Huntley questions the validity of the leaks as well as their sources: “As we take a breath, we note that this is a pretty clumsy campaign, and maybe based on just one hacked ProtonMail account,” he tweeted earlier today. 

The group behind the Brexit email leak is thought to be Russian cyber-espionage group Callisto, also known as COLDRIVER and Gamaredon. Earlier this year, Google’s Threat Analysis Group observed the group sending phishing emails to a NATO Centre of Excellence, as well as some US NGOs, a Ukrainian defence contractor and other targets in Eastern Europe.

Callisto working for the Russian government

Callisto has been particularly interested in military targets, and in November the Ukrainian Security Service revealed the real identities of five of the group’s members in retaliation for its behaviour. Security company Recorded Future notes that the gang probably “acted on orders from the [Russian] FSB Center for Information Security,” and that it was “one of the most active groups targeting Ukraine“.

There has been some speculation that the leaks were enacted in retaliation to Boris Johnson and the UK’s support of Ukraine during its war with Russia. Johnson, who has been banned from Russia, is referred to as a “puppet” and a “sneaky strawhead” on the site.

Read more: New technologies are making conflicts like the Ukraine war more deadly for civilians