Russian cyberattackers have been accused of damaging British democracy in the run-up to next year’s general election.
The UK says MPs, journalists, think tanks and a former head of MI6 are among the targets of hacking operations linked to the Kremlin.
Here’s what we know so far.
Who are these attacks?
Russia’s FSB Centre 18 has been named by the UK as the source of the attacks.
In intelligence circles, it’s also going through other names, adding Iron Frontier and Star Blizzard.
The United Kingdom has appointed two members: Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.
The FSB, or Federal Security Service, is Moscow’s agency.
An earlier U. S. Congressional report on Russian cybersecurity points to Center 18 as one of two centers that oversee the FSB’s security and cyber operations, along with Center 16.
Rafe Pilling, director of risk intelligence at cybersecurity firm Secureworks, said the two men were involved in a “significant proportion of Russian offensive cyber activity. “
When Center 18 is involved, it suggests that it is a “state-owned enterprise,” he added.
Its officers were indicted for breaching US internet company Yahoo and millions of email addresses in 2017, and Ukrainian intelligence has also found evidence of it having a presence in Russian-occupied Crimea.
FSB units like Centre 18 are believed to be capable of manufacturing their own advanced malware, designed to damage and steal data from a victim’s computer systems.
They are also believed to collaborate with Russian hacker teams such as Cozy Bear, Fancy Bear, and Sandworm.
What do they do?
Phishing emails, in which hackers try to trick their targets into revealing sensitive information, are not an unusual tactic.
Pilling said they’ve become “more sophisticated” over time, with hackers going through several stages of exchanging emails to accept them as real before handing over a malicious payload, such as malware, to borrow data.
Given its ties to Moscow, Center 18 collaborates primarily with diplomats, politicians, and other public sector organizations and individuals.
Pilling described his operations as “simple espionage work. “
“Spies pass where the data is, and it’s in people’s mailboxes that a lot of that data is located,” he said.
“It’s classic espionage. “
How did the UK take aim?
Britain believes hackers associated with Centre 18 have targeted “high-profile people within the political sphere”, journalists, and think tanks over several years.
They are accused of hacking and leaking with the aim of influencing the British election.
This includes a leak of UK-US trade documents, which were brandished by then Labour leader Jeremy Corbyn before the 2019 general election, and an attack that same year on the Institute for Statecraft.
Other targets have allegedly included the NHS, schools, and former MI6 chief Sir Richard Dearlove.
Deputy Prime Minister Oliver Dowden claimed that 40% of the attacks targeted the public sector, a “complex” operation that the Electoral Commission opposes.
British intelligence agencies have in the past accused Russian hacker teams of attacking the country, but they have not been directly connected to Kremlin offices.
In September, the government sanctioned 11 members of the Trickbot organization for attacking UK hospitals during the COVID pandemic. They would later offer their help for Vladimir Putin’s invasion of Ukraine.
Last month, the Russian Killnet claimed responsibility for an attack on the royal family’s official website.
This week, groups linked to Russia and China were accused of hacking computer systems at the Sellafield nuclear site.
How worried are we?
Dowden said the purpose of Russia and other hostile actors like Iran and China is to undermine the elections.
“The new line is online,” he said of the threats facing the U. K. and its allies.
But the government has insisted that Russia’s efforts have succeeded.
“Despite their repeated efforts, they have failed,” Foreign Secretary David Cameron said.
Mr Pilling said the attacks “tend not to have the impact the Russians would like”, but that they would likely continue despite the UK’s decision to name and shame suspects.
Russia was accused of interfering in the 2016 US election and Brexit referendum, and will likely look to target both countries’ elections in 2024.
The National Cyber Security Centre, along with the UK, Australia, New Zealand and Canada, is set to release new cybersecurity guidelines to protect high-profile targets against long-term attacks.