Downing Street is facing calls for an inquiry after it revealed Russian state spies have targeted British MPs, peers, civil servants and journalists with cyber-attacks for the last eight years and were behind a hack that influenced the 2019 election.
The government summoned the Russian ambassador on Thursday to admonish Moscow over “sustained” attempts to meddle in UK politics since 2015. As a result, the Foreign Office imposed sanctions on two members of a hacking group called Star Blizzard, one of whom is named as a federal security services (FSB) officer.
Leo Docherty, a Foreign Office minister, said many of the hundreds of cyber-attacks on MPs, peers and others were unsuccessful but he identified two hacks in 2018 and 2019 that the government now believes were carried out by Star Blizzard.
Docherty told parliament that the Star Blizzard group linked to the FSB was behind the leak of US-UK trade talk papers in 2019. These are believed to have been obtained in a phishing attack on the email account of former trade secretary Liam Fox. The leaked document, published online, was used by Labour in the 2019 election to show that the NHS was “on the table” in US trade talks.
The Foreign Office also said Star Blizzard was behind a 2018 hack on a government-backed thinktank called the Institute for Statecraft. Documents apparently leaked as part of the hack led to suggestions that the institute had been amplifying social media critical of Jeremy Corbyn and Labour. At the time, the Foreign Office said it had investigated and found no systemic bias at the thinktank, while blaming a Russian operation to discredit the organisation.
Docherty’s admission prompted a group of MPs campaigning for more transparency about Russian hacking to call for a full inquiry along the lines of the report on claims of Russian interference in the 2016 US presidential election produced by Robert Mueller, a former FBI director.
The group, including Labour MP Ben Bradshaw and Green MP Caroline Lucas, said the government should reveal the truth about attempts to meddle in Brexit, other political events and the business of government.
High-profile figures whose emails have been hacked include Sir Richard Dearlove, a former head of MI6, and SNP MP Stewart McDonald, while other household name politicians and figures have kept quiet about being targeted.
Bradshaw said the group was shocked by the government’s admission after successive No 10 administrations had spent years downplaying the significance of Russian attempts to meddle in politics.
“I am flabbergasted that, having denied or obfuscated this for years and resisted our legal attempts to get them to investigate Russian interference all the way through the courts, the government is now admitting it’s been going on since before the Brexit referendum, as many of us said at the time,” he said.
The government said it had identified a group called Centre 18, a unit within the FSB, as being involved in cyber-espionage and Star Blizzard was a subordinate group targeting “British parliamentarians from multiple parties”.
Docherty said the group had “selectively leaked and amplified the release of sensitive information in service of Russia’s goals of confrontation”.
The minister said the hackers engaged in thorough research and “impersonated contacts that appear legitimate and create a believable approach seeking to build a rapport before delivering a malicious link”. He said they predominantly target personal accounts.
The two sanctioned Russians were named on Thursday as Ruslan Peretyatko, an FSB intelligence officer and a member of Star Blizzard AKA the Callisto Group, and Andrey Korinets, a member of the same group. Korinets had previously been identified by Reuters as a “35-year-old IT worker and bodybuilder” from Syktyvkar, a city about 1,000 miles north-east of Moscow. He told the agency that he did own email accounts that researchers had linked to Star Blizzard but denied any knowledge of hacking.
Star Blizzard has been previously identified by the National Cyber Security Centre for carrying out “worldwide spear-phishing campaigns” in the UK, US and elsewhere in Europe going back to 2015.
It has often targeted email exchanges, leaking messages from Dearlove last year pertaining to Brexit and targeting the Foreign Office in attacks as far back as 2016.
Analysts described Centre 18 as a rough-and-tumble counterintelligence agency that regularly employs proxies and former cybercriminals and is willing to use its attacks for hack-and-leak operations meant to influence politics abroad, a tactic regularly called “active measures”.
“What sets them apart from many of their peers, and makes them particularly dangerous, is their willingness to leak hacked data for political purposes,” wrote John Hultquist, chief analyst at Mandiant, a US cybersecurity firm.
“Russia’s military intelligence service, the GRU, has received the lion’s share of the attention when it comes to election-related activity, which is only natural given their history of serious incidents in the US and France, but this actor is one to watch closely as elections near. The FSB clearly has an interest in political interference, and hacked emails are a powerful tool.”
The Russian embassy, which sent another diplomat to the Foreign Office rather than the ambassador, released a statement saying it took “note of illegitimate unilateral restrictions” and claimed it was “yet another act of poorly staged drama”.
Speaking while on a trip to the US, David Cameron, the foreign secretary, said Russia’s attempts to interfere in UK politics are “completely unacceptable and seek to threaten our democratic processes”.
“Despite their repeated efforts, they have failed. In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.”
MPs have previously complained about being targeted by hackers, including the SNP’s McDonald, who revealed in February his emails had been stolen by a group posing as his researcher. The Russian government was also suspected in 2017 of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers.
A damning report from parliament’s intelligence and security committee found in 2020 that the British government and intelligence agencies failed to conduct any proper assessment of Kremlin attempts to interfere with the 2016 Brexit referendum.
The long-delayed Russia report at the time said ministers in effect turned a blind eye to allegations of Russian disruption. It said the government “had not seen or sought evidence of successful interference in UK democratic processes” at the time and it made clear that no serious effort was made to do so.