A former head of MI6 was among hundreds of public officials, civil servants and MPs targeted in a Russian hacking operation masterminded by a bodybuilder.
The Russian Federal Security Service (FSB) is accused of having orchestrated the operation over eight years in which hackers targeted personal email accounts to access private conversations and other material.
Victims included Sir Richard Dearlove, the chief of MI6 between 1999 and 2004, who was targeted when a colleague clicked on a malicious email link. Other targets included MPs, civil servants, academics, think tanks and journalists.
The government said the campaign, by a hacking group called Star Blizzard that answers to the FSB, was part of Russia’s sustained efforts to interfere in British politics and democracy. Security officials are concerned that Russian hacking and disinformation are a threat at the general election.
Star Blizzard, also known as Cold River and the Callisto Group, is allegedly run by Ruslan Aleksandrovich Peretyatko, an FSB intelligence officer, and Andrey Stanislavovich Korinets, an IT worker. Both were sanctioned by the UK on Thursday and US officials offered $10 million for any information about them.
Oliver Dowden, the deputy prime minister, said that hackers had “leaked and amplified information designed to undermine trust in politics”.
The Foreign Office said: “It is likely that Russia and other adversaries will continue to make attempts to use cyber means to interfere in UK politics.”
Korinets was believed to be based at an FSB outpost in Syktyvkar, an industrial city more than 800 miles from Moscow that is best known as a jumping-off point for the Ural Mountains.
The IT worker, who once ran an online hacking newsletter, was traced via email accounts to the city, where he is alleged to have worked since 2015 on behalf of the FSB. Some of the hacking activity has been publicised in recent years but for the first time on Thursday the British government blamed his group, Star Blizzard, which is said to be subordinate to the FSB’s Centre for Information Security, known as Centre 18.
Lord Cameron of Chipping Norton, the foreign secretary, said that Russia’s attempts to interfere in UK politics were a “completely unacceptable” attempt to “threaten our democratic processes”.
Hackers are accused of intercepting private communications of politicians, civil servants, journalists, academics and charity workers. The Foreign Office said that Star Blizzard was involved in the hacking of UK-US trade documents, obtained from the Tory MP Liam Fox’s email account, that were leaked ahead of the 2019 general election. They were brandished by Jeremy Corbyn, then the Labour leader, at a press conference where he warned the Conservatives would put the NHS “on the table” in post-Brexit talks. Corbyn declined to reveal the source but said claims of interference were “nonsense”. He did not respond to requests for comment.
The emails of Dearlove, the former head of MI6, were also targeted. Last year Reuters revealed a Russian operation to obtain emails from him and other Brexiteers in which they aired grievances about Theresa May’s willingness to seek compromises with the European Union. Dearlove said on Thursday that a colleague’s emails were hacked before his email was targeted. His correspondence was then passed by the hackers to a pro-Kremlin supporter in the UK before they were “twisted all over the place”. Some of the material appeared doctored, he said.
An attempt to infiltrate St Andrews University, one of the UK’s most prestigious, was thwarted when the hackers began their email: “I hope this finds you well.” Dame Sally Mapstone, the university’s principal, had banned email niceties, so the fake message purportedly from Stephen Gethins, an international relations professor, to Phillips O’Brien, professor of strategic studies, was spotted.
Gethins, a former SNP MP, said: “St Andrews is doing important work on analysis of Russian strengths and weaknesses in Ukraine, so it wasn’t altogether a surprise that we were targets along with other academics working in strategically significant areas. It was important for the government to call it out in the strongest possible terms. That’s a positive step, but let’s not be under any illusions that this will check Russian behaviour. It’s a reason to increase our vigilance, not relax it.”
Star Blizzard also hacked into the Institute for Statecraft, a pro-democracy think tank based in Fife. Its website is still down as part of the Russian campaign to undermine its work “researching, publicising and countering the threat to European democracies from disinformation and other forms of hybrid warfare”.
Also targeted were MPs who have been vocal about Ukraine and supportive of the Nato alliance, including Stewart McDonald, the SNP’s former defence spokesman.
Stewart, whose emails were all taken, said: “Hacking is not a victimless crime. I know from personal experience and from talking to others who have similarly been targeted by Russia that it is deeply invasive and unpleasant. We must all up our vigilance against a full spectrum of hybrid threats.”
An investigation by Reuters this year tracked Korinets to Syktyvkar because he used personal emails to set up infrastructure used in Cold River phishing activities. He denied knowledge of Cold River but told Reuters that he had been in trouble as a teenager for hacking. The news agency revealed he once ran the “Syktyvkar Underground eZine”, an online newsletter dedicated to hacking, and was a keen bodybuilder who can bench-press 297.6lbs (135kg).
The National Cyber Security Centre, an arm of GCHQ, released a cybersecurity advisory on Thursday on how to defend against attacks such as spear phishing, which can be thwarted with two-factor authentication and strong passwords.
It said: “The malicious activity exposed today is part of a broader pattern of cyber-activity conducted by the Russian intelligence services across the globe.”
The Foreign Office stressed that ultimately Russia’s attempts to interfere with democracy had not been successful.