The UK government and the United States on Thursday accused Russian security services of engaging in a sustained cyber-espionage campaign against top politicians, journalists and NGOs.
Russia has been suspected of meddling in UK politics before, including the divisive 2016 Brexit referendum, but the Conservative government has been criticised for failing to investigate.
In the latest claims, the foreign ministry said Russia’s Federal Security Service (FSB) was behind “unsuccessful attempts to interfere in UK political processes” and said it had summoned Russia’s ambassador to London about the issue.
US prosecutors meanwhile unsealed charges against two Russian nationals over the hacking of computer networks in Britain, the United States and other NATO countries. Those two men now face sanctions in both countries.
“Russia’s attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes,” UK Foreign Secretary David Cameron said in a statement.
“In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage,” he said.
Cameron’s office said Centre 18, a unit within the FSB, was accountable for “a range of cyber espionage operations” targeting the UK.
One of the two men charged in the United States was an officer in that unit.
– ‘Documents leaked’ –
The UK government claimed the FSB targeted parliamentarians from various political parties, with some attacks resulting in documents being leaked in an operation from at least 2015 to 2023.
The organisation had also hacked UK-US trade documents that were leaked ahead of the UK general election in December 2019, it added.
The two men indicted in the United States, Ruslan Aleksandrovich Peretyatko and Andrei Stanislavovich Korinets, are not in US custody.
Each faces one charge that carries a maximum sentence of five years for Peretyatko and up to 10 years for Korinets, the Justice Department said, updating an earlier statement.
The foreign office said Peretyatko and Korinets had been sanctioned for their involvement in the preparation of so-called spear-phishing campaigns and “activity intended to undermine the UK”.
Spear-phishing involves sending malicious links to specific targets “to try to induce them to share sensitive information”.
Attackers often undertake “reconnaissance activity around their target” to make the attempts more effective, according to the UK’s National Cyber Security Centre.
The two men are accused of targeting current and former US officials at the Pentagon, State Department, Department of Energy facilities and in the intelligence community from at least 2016 to 2022.
“Both are currently wanted by the FBI and believed to be in Russia,” a senior FBI official told reporters on condition of anonymity.
The State Department is offering a reward of up to $10 million for information leading to their location and arrest.
– Targeting officials –
In January, UK cyber-security chiefs warned that Russia and Iran were increasingly targeting government officials, journalists and NGOs with spear-fishing attacks in order to “compromise sensitive systems”.
The NCSC, part of the UK’s signals intelligence agency GCHQ, urged greater vigilance about techniques and tactics used as well as mitigation advice.
It said the Russia-based group SEABORGIUM and the Iran-based TA453 had targeted a range of organisations and individuals in the UK and abroad throughout 2022.
Last year, a British newspaper reported that suspected Kremlin agents hacked ex-prime minister Liz Truss’s cellphone when she was foreign minister.
A source told The Mail on Sunday that up to a year’s messages were hacked including “highly sensitive discussions” on the war in Ukraine.
The hacking was discovered in 2022, when Truss was campaigning to become Conservative party leader to succeed Boris Johnson as prime minister, the paper reported.
Foreign office minister Leo Docherty told MPs in the House of Commons on Thursday that the cyber threat posed by Russia was “real and serious”.
“They create false accounts, impersonate contacts, appear legitimate and create a believable approach seeking to build a rapport before delivering a malicious link to either a document or website of interests,” he said.