UPDATED 12:54 EST / DECEMBER 07 2023

UK reveals years-long Russian cyber-espionage activities

This probably comes as no surprise to anyone, but Britain’s Foreign Office revealed on Thursday that it has found long-term evidence of cyber-espionage targeting a variety of politicians, public officials and journalists by the FSB, Russia’s main security agency.

The activities, traced from 2015 to the present, are attributed to a group that Microsoft Corp. calls Star Blizzard and that Google LLC’s threat intelligence groups call the Cold River Group. The group used fake identities impersonating various government contacts to deliver spear-phishing emails aimed at stealing documents from both U.S. and U.K. sources.

The emails were disguised as tech support messages and were used to harvest credentials as a way to gain access to victims’ email accounts. Microsoft’s blog post described the specific tactics in detail, such as using server-side scripting to prevent network scans, concealing the IP addresses behind its email and DNS infrastructure, and distributing password-protected PDF files for further obscurity. Emails were sent through legitimate marketing services including HubSpot and MailerLite to lend further legitimacy to the operations, as shown in the flowchart below.

A call chain displaying how the initial redirection is performed within HubSpot for campaign tracking, followed by redirection to actor-controlled infrastructure (the redirector server), and lastly redirection to actor-controlled infrastructure (the Evilginx server)
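The redirect chain in the caption above, as an added detection sketch that is not part of the original article or of Microsoft’s report: it walks a constructed, offline map of HTTP Location headers and flags a tracked marketing link that bounces through an extra redirector onto an untrusted sign-in page. The host names and the tracker and trusted-host lists are placeholders a defender would replace with their own.

```python
from urllib.parse import urlparse

# Constructed sample: URL -> Location header, standing in for what a sandbox would
# record when following each hop. All host names are invented placeholders.
CONSTRUCTED_REDIRECTS = {
    "https://tracker.marketing-platform.example/e/click?id=42":
        "https://cdn-update-notice.example/go?u=1",          # hop 1: redirector server
    "https://cdn-update-notice.example/go?u=1":
        "https://account-verify.example/login/oauth2",       # hop 2: AitM (Evilginx-style) page
    "https://tracker.marketing-platform.example/e/click?id=7":
        "https://www.legit-newsletter.example/article",      # benign tracked link
}

# Assumed defender-maintained lists (placeholders, not real service inventories).
MARKETING_TRACKER_HOSTS = {"tracker.marketing-platform.example"}
TRUSTED_HOSTS = {"www.legit-newsletter.example"}
SIGNIN_TOKENS = ("login", "oauth", "signin", "auth")


def host(url):
    return (urlparse(url).hostname or "").lower()


def follow_chain(url, redirects, max_hops=10):
    """Follow Location headers from the offline map, stopping on loops or hop limit."""
    chain, seen = [url], {url}
    while url in redirects and len(chain) <= max_hops:
        url = redirects[url]
        chain.append(url)
        if url in seen:  # redirect loop: record it once and stop
            break
        seen.add(url)
    return chain


def assess_link(url, redirects, trackers=MARKETING_TRACKER_HOSTS, trusted=TRUSTED_HOSTS):
    """Score one link; two or more independent signals mark the chain suspicious."""
    chain = follow_chain(url, redirects)
    reasons = []
    if host(chain[0]) in trackers and len(chain) >= 3:
        # A tracking link normally redirects once; extra bounces are the redirector layer.
        reasons.append("multi-hop redirect behind marketing tracker")
    final = host(chain[-1])
    if final not in trusted and final not in trackers:
        reasons.append(f"lands on untrusted host {final}")
    if any(tok in urlparse(chain[-1]).path.lower() for tok in SIGNIN_TOKENS):
        reasons.append("final page looks like a sign-in page")
    return {"chain": chain, "suspicious": len(reasons) >= 2, "reasons": reasons}
```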

“There was a clear intent to use information they obtained to meddle in British politics,” U.K. Foreign Office minister Leo Docherty told the AP. Targets included the email accounts of nongovernmental organization managers, academics and the media, among others, with the purpose of undermining trust in political processes, for example by revealing early rounds of sensitive trade negotiations between the U.S. and the U.K.

As a result of these investigations, both the U.S. and the U.K. imposed sanctions on two Russian intelligence operatives earlier this week. The two charged men, along with other confederates, were featured in a January report by Nisos that detailed their internet identities and the phishing lures they used. The hacking group was also identified in an unsuccessful 2022 attempt to steal data from Lawrence Livermore National Laboratory.

“Russian interference through malign foreign influence campaigns is deplorable, and the FBI is dedicated to combating this pervasive threat and will tirelessly seek to prevent and disrupt these criminal acts,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said. The U.S. wire and computer fraud charges carry a maximum combined prison term of 25 years.

Image: Mohamed_Hassan/Pixabay, Microsoft
