Government departments will be required to ensure their digital systems are “secure by design”, Deputy Prime Minister Oliver Dowden has said. Dowden was speaking after it was revealed hackers working for Russia’s FSB security force have been targeting UK politicians and trying to interfere with elections.
UK cyber watchdog the National Cyber Security Centre and its allies revealed on Thursday that a cybercriminal gang known as Star Blizzard had been identified as being behind a campaign against the UK’s democratic institutions that has been ongoing since 2015. In a new advisory, it said the hackers are “almost certainly subordinate” to Centre 18, a division of Russia’s FSB.
The group is said to have successfully hacked MPs from across the political spectrum, as well as targeting journalists and academics.
UK government responds to Russian hacking report
In a speech delivered on Thursday, Dowden said that following the discovery, “a senior representative of the Russian government has been summoned to the Foreign Office this morning and appropriate sanctions have been levelled”.
He added: “Our political processes and institutions will continue to endure despite these attacks. But they serve to prove that the cyber threat posed by the Russian Intelligence Services is real and serious.”
To try and counter the efforts of nation-state-backed hackers like those working for Russia’s FSB, Dowden said: “The challenge is to make those digital systems ‘secure by design’ and to embed effective cybersecurity practices into our digital delivery.
“That’s why I am announcing today that we will make security everyone’s responsibility and make ‘secure by design’ mandatory for central government organisations.”
Content from our partners
Secure by design principles means security is considered when building software or a digital system and embedded into that system, rather than being considered after it is built. Earlier this year, the government released secure-by-design guidelines for manufacturers of IoT devices, and last month teamed up with its allies to offer similar advice to AI developers.
How hackers from Russia’s FSB struck at the heart of UK democracy
The NCSC report says Star Blizzard has conducted wide-ranging attacks on targets in the UK, including spear phishing attacks on UK MPs from multiple political parties. Spear phishing attacks use highly personalised communications – usually emails – to convince targets to hand over sensitive information.
The NCSC believes that Star Blizzard was behind the leaking of UK-US trade documents, which were published online ahead of the 2019 general election and used by then-Labour leader Jeremy Corbyn as evidence that the government planned to sell off parts of the NHS. It is thought the documents were stolen after former international trade secretary Liam Fox was hacked.
It is also being blamed for the 2018 compromise of the Institute for Statecraft, a UK think tank whose work included initiatives to defend democracy against disinformation, and the more recent hack of its founder Christopher Donnelly, whose account was compromised in December 2021. In both cases, documents were subsequently leaked.
The NCSC says the group “has also selectively leaked information obtained through its operations and amplified the release in line with Russian confrontation goals, including to undermine trust in politics in the UK and like-minded states”.
Paul Chichester, NCSC director of operations, said: “Defending our democratic processes is an absolute priority for the NCSC and we condemn any attempt which seeks to interfere or undermine our values.
“Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable and we are resolute in calling out this pattern of activity with our partners.
“Individuals and organisations which play an important role in our democracy must bolster their security and we urge them to follow the recommended steps in our guidance to help prevent compromises.”
The NCSC, along with its allies in the Five Eyes security alliance – the US, Canada, Australia and New Zealand – has released updated guidance on how organisations can protect their networks from hackers like Star Blizzard.
The refreshed guidance is designed to help high-risk individuals improve their security posture by putting measures in place to protect their devices and online accounts. This includes setting up two-step verification, creating strong passwords and installing updates promptly.
The many names – and campaigns – of Star Blizzard
In January, the NCSC warned that Star Blizzard, which has previously been referred to as Callisto Group, Cold River and Seaborgium, was targeting prominent figures in the UK to try and get hold of sensitive data.
This warning followed a 2022 message from Microsoft, which said the group attempted to attack its customers in Nato-supporting countries.
The group has been linked to Center 18, an FSB department known to back “global cyber espionage”, according to John Hultquist, chief analyst at Google-owned cybersecurity vendor Mandiant.
Hultquist said: “Center 18 has been previously publicly linked to intrusions into Yahoo that involved a co-opted cybercriminal as well as intrusions by a young Canadian national who was hired to target accounts.
“The Centre is also tied to the Gamaredon cyber espionage activity, which is reportedly conducted by former Ukrainian SBU officers who defected to Russia during the occupation of Crimea. Another FSB Centre, Centre 16, is tied to the infamous Turla cyber espionage activity and a series of intrusions into global critical infrastructure best known as Energetic Bear.”
Because of this, Hultquist described the group as “one to watch closely”, with elections on the horizon in the US and UK. He said: “Russia’s military intelligence service, the GRU, has received the lion’s share of the attention when it comes to election-related activity, which is only natural given their history of serious incidents in the US and France, but this actor is one to watch closely as elections near.
“The FSB clearly has an interest in political interference, and hacked emails are a powerful tool.”
