What we know about Russian ‘Star Blizzard’ accused of years of cyberattacks on UK

Russian cyberattackers have been accused of targeting British democracy ahead of next year’s general election.
The UK says MPs, journalists, think tanks and an ex-head of MI6 are among those to have been in the sights of hacking operations linked to the Kremlin.

Here’s everything we know so far.
Who is behind the attacks?
Russia’s FSB Centre 18 has been named by the UK as the source of the attacks.

In intelligence circles, it also goes by other names, including Iron Frontier and Star Blizzard.
The UK has named two specific members: Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.
The FSB, or Federal Security Service, is Moscow’s spy agency.
A previous report for the US Congress on Russian cyber units identified Centre 18 as one of two primary hubs overseeing the FSB’s security and cyber operations, along with Centre 16.

Advertisement

Rafe Pilling, director of threat intelligence at cybersecurity firm Secureworks, said the two were responsible for a “significant proportion of offensive Russian cyberactivity”.
When Centre 18 is involved, it suggests an attack is a “state-directed endeavour”, he added.
Its officers were indicted for breaching US internet company Yahoo and millions of email addresses in 2017, and Ukrainian intelligence has also found evidence of it having a presence in Russian-occupied Crimea.
FSB units like Centre 18 are believed to be capable of manufacturing their own advanced malware, designed to damage and steal data from a victim’s computer systems.
They are also thought to work with criminal Russian hacking groups like Cosy Bear, Fancy Bear, and Sandworm.

Image: FSB director Alexander Bortnikov
What do they do?
Phishing emails, which involve hackers attempting to trick targets into revealing sensitive information, are a common tactic.
Mr Pilling said they had become “more sophisticated” over time, with hackers going through multiple stages of exchanging emails to gain trust before delivering a malicious payload – like malware – to steal data.
Given its links to Moscow, Centre 18 is primarily concerned with targeting diplomats, politicians, and other organisations and individuals in the public sector.
Mr Pilling described their operations as “bread and butter spy work”.
“Spies go where the information is – and people’s mailboxes are where a significant chunk of this is,” he said.
“It’s quite traditional espionage.”

How has the UK been targeted?
Britain believes hackers associated with Centre 18 have targeted “high-profile people within the political sphere”, journalists, and think tanks over several years.
They are accused of hacking and leaking information in a bid to influence British elections.
This includes a leak of UK-US trade documents, which were brandished by then Labour leader Jeremy Corbyn before the 2019 general election, and an attack that same year on the Institute for Statecraft.
Other targets have allegedly included the NHS, schools, and former MI6 chief Sir Richard Dearlove.
Deputy Prime Minister Oliver Dowden said 40% of attacks were against the public sector, including a “complex” operation against the Electoral Commission.
The UK’s intelligence agencies have accused Russian hacking groups of targeting the country before, but these have not always been linked directly to the Kremlin’s bureaus.
In September, the government sanctioned 11 members of the Trickbot group for targeting British hospitals during the COVID pandemic. They would later offer support for Vladimir Putin’s invasion of Ukraine.
Last month, Russian group Killnet took responsibility for an attack on the Royal Family’s official website.
This week, groups linked to Russia and China were accused of hacking IT systems at the Sellafield nuclear site.

Image: Vladimir Putin has sought to interfere in previous Western elections and referendums
How concerned should we be?
Mr Dowden said the goal of Russia and other hostile actors like Iran and China was to undermine elections.
“The new frontline is online,” he said of the threats facing the UK and its allies.
But the government has insisted Russia’s efforts have not been successful.
“Despite their repeated efforts, they have failed,” said Foreign Secretary David Cameron.
Mr Pilling said the attacks “tend not to have the impact the Russians would like”, but that they would likely continue despite the UK’s decision to name and shame suspects.
Russia was accused of interfering in the 2016 US election and Brexit referendum, and will likely look to target both countries’ elections in 2024.
The National Cyber Security Centre, along with the UK, Australia, New Zealand, and Canada, is set to publish new cybersecurity advice to help high-profile targets defend themselves from future attacks.

Source : Sky News