The shadowy Russian cyber unit behind attacks on British MPs

The shadowy Russian cyber unit behind attacks on British MPs: FSB’s ‘Centre 18’ is named by UK as source of the attacks using group dubbed ‘Star Blizzard’ or ‘Cold River’ – as two of it s members are hit with sanctions

The eight-year Russian hacking campaign targeting the private conversations of British MPs, civil servants and public figures is said to have been orchestrated by a shadowy cyber unit known as ‘Centre 18’. 

The unit – part of the notorious Federal Security Service (FSB) – was allegedly run by intelligence officer Ruslan Aleksandrovich Peretyatko and bodybuilder Andrey Stanislavovich Korinets. 

Today the Foreign Office took the unusual move of naming the two men, who they said successfully compromised the private emails and conversations of high-profile politicians and ministers. 

During ‘sustained’ attempts to interfere in UK politics, which will only increase next year when the country goes to the polls, they stole information from hundreds of politicians, officials, civil servants, NGOs and journalists. 

Peretyatko and Korinets now face sanctions, with US officials offering $10million (£7.9m) for any information about them.   

Intelligence officer Ruslan Aleksandrovich Peretyatko and bodybuilder Andrey Stanislavovich Korinets are alleged to have run a cyber operations unit known as the 18th Centre for Information Security

The unit is based within the Federal Security Service (FSB), whose Moscow headquarters are pictured

The pair are accused of using a group called Star Blizzard to hack top politicians including infiltrating the personal email account belonging to Liam Fox, the former trade minister to steal classified documents relating to US-UK trade talks.

They are also said to have carried out the 2018 hack of the Institute for Statecraft, a UK thinktank whose work included initiatives to defend democracy against disinformation, and the more recent hack of its founder Christopher Donnelly, whose account was compromised from December 2021.

READ MORE – Russia ‘targeted hundreds of MPs, civil servants and academics in eight-year hacking campaign’

The group have also extensively targeted universities, journalists, the public sector, NGOs and other Civil Society organisations, many of whom play a key role in UK democracy.

The Star Blizzard hacking group, also known as Cold River and the Callisto Group, is said to have targeted the Foreign Office in 2016. 

The group is also believed to have broken into emails belonging to the former head of Britain’s MI6, Sir Richard Dearlove.

The chief of MI6 between 1999 and 2004, told Reuters last year that there has been a ‘Russian operation’ to obtain emails from him and other Brexiteers unhappy with Theresa May’s failure to negotiate a EU exit deal between August 2018 and July 2019.

He said: ‘I am well aware of a Russian operation against a Proton [email] account which contained emails to and from me.’

On a website titled ‘Very English Coop d’Etat’, Russian hackers published private emails they claimed were from the former spymaster, leading Brexit campaigner Baroness Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain’s divorce from the EU, which was finalized in January 2020.

The emails describe a short-lived plan to create a hard Brexit campaign group in the summer of 2018 amid growing opposition to Mrs May’s proposed Chequers deal at the time.

Today the Foreign Office took the unusual move of naming Korinets (pictured) and Peretyatko

A social media photo of Korinets showing him in a baseball cap and a black jacket 

The FSB, which is based in a grand building in Moscow, is the successor agency to the KGB and in the 1990s was briefly headed by Vladimir Putin. 

The 18th Centre for Information Security operates within the FSB and is responsible for domestic operations but works overseas as well. 

Its work includes manufacturing malware for use against foreign targets, according to a report for the US congress, with bosses bringing in civilian hackers to bolster it’s effectiveness. 

The Foreign, Commonwealth and Development Office today summoned the Russian Ambassador to express the UK’s deep concern about the unit’s activities, while insisting that the decision to name its key members would help thwart its activities. 

READ MORE – The spies living among us: Brits wonder who their neighbours are after arrest of suburban ‘Russian spy ring’ 

Foreign Secretary David Cameron said: ‘Russia’s attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes.

‘Despite their repeated efforts, they have failed.

‘In sanctioning those responsible and summoning the Russian Ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.

‘We will continue to work together with our allies to expose Russian covert cyber activity and hold Russia to account for its actions.’

Deputy Prime Minister Oliver Dowden said: ‘As I warned earlier this year, state actors, and the ‘Wagner-style’ sub-state hackers they use to do their dirty work, will continue to target our public institutions and our democratic processes.

‘We will continue to call this activity out, to raise our defences, and to take action against the perpetrators.

‘Online is the new frontline. We are taking a whole of society approach to ensuring we have the robust systems and cutting-edge skills needed to resist these attempts to undermine our democracy.’

Home Secretary James Cleverly said: ‘An attack against our democratic institutions is an attack on our most fundamental British values and freedoms. The UK will not tolerate foreign interference and through the National Security Act, we are making the UK a harder operating environment for those seeking to interfere in our democratic institutions.’

The group is also believed to have broken into emails belonging to the former head of Britain’s MI6, Sir Richard Dearlove 

They also infiltrated the personal email account belonging to Liam Fox, the former trade minister to steal classified documents relating to US-UK trade talks 

Foreign Office minister Leo Docherty issued a statement in the Commons this morning telling MPs: ‘Russia’s attempted interference in political and democratic processes through cyber or any other means is unacceptable.

‘I can reassure the House that we have identified the targeting of parliamentary colleagues, we have engaged with victims both through the National Cyber Security Centre and parliamentary authorities.

‘This Government will continue to expose and respond to malign cyber activity, holding Russia accountable for its actions.

‘To that end the UK has designated two individuals under the UK’s cyber sanctions regime following a thorough investigation by the National Crime Agency into the hack of the Institute for Statecraft. In doing so we send a clear message that these actions have consequences.

‘The FCDO has summoned the Russian ambassador to the Foreign Office to convey this message this morning.’

Shadow foreign secretary David Lammy described the details as ‘an attack not only on individuals but on British democracy, on all sides of this House and on the public that we represent’.

Source: Read Full Article