

This probably comes as no surprise to anyone, but Britain’s Foreign Office revealed on Thursday that it has found long-term evidence of cyber-espionage targeting a variety of politicians, public officials and journalists by the FSB, Russia’s main security agency.
The activities, which run from 2015 to the present, were traced to a group called Star Blizzard by Microsoft Corp. and the Cold River Group by Google LLC’s threat intelligence groups. The group used fake identities impersonating various government contacts to deliver spear-phishing emails and steal documents from both U.S. and U.K. sources.
The emails were disguised as tech support messages and were used to harvest credentials as a way to gain access to victims’ email accounts. Microsoft’s blog post described the specific tactics in detail, such as using server-side scripting to prevent network scans, hiding email and DNS TCP/IP addresses, and creating password-protected PDF files for further obscurity. Emails were sent using legitimate marketing services, including HubSpot and MailerLite, to lend further legitimacy to the operations, as shown in the flowchart below.
“There was a clear intent to use information they obtained to meddle in British politics,” U.K. Foreign Office minister Leo Docherty told the AP. Targets included the email accounts of nongovernmental organization managers, academics and the media, among others, with the purpose of undermining trust in the political processes, such as revealing early rounds of sensitive trade negotiations between the U.S. and the U.K.
As a result of these investigations, both the U.S. and the U.K. imposed sanctions on two Russian intelligence operatives earlier this week. Along with the two charged, other confederates were featured in a January report by Nisos that gave specifics of their internet identities and the phishing lures used. The hacking group was also identified in an unsuccessful 2022 attempt to steal data from Lawrence Livermore National Laboratory.
“Russian interference through malign foreign influence campaigns is deplorable, and the FBI is dedicated to combating this pervasive threat and will tirelessly seek to prevent and disrupt these criminal acts,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said. The U.S. wire and computer fraud charges carry a maximum combined prison term of 25 years.