Russian intelligence service behind cyber attacks, says UK Foreign Office

Foreign Office says KGB's successor agency is behind global campaign hitting critical infrastructure

Russian intelligence services have hit national infrastructure including UK energy companies as well as the engineering and industrial sectors in a “calculated and dangerous” hacking campaign spanning nearly a decade.

The UK and western allies have linked Russia’s Federal Security Service (FSB), the successor agency to the KGB, to “a historic global campaign targeting critical national infrastructure”, the Foreign, Commonwealth and Development Office said on Thursday.

The department said the National Cyber Security Centre was “almost certain” that the FSB’s Centre 16, which it said was also known by its hacker group pseudonyms of Energetic Bear, Berserk Bear and Crouching Yeti, had attacked critical IT systems and national infrastructure in Europe, the Americas and Asia.

“Russia’s targeting of critical national infrastructure is calculated and dangerous,” said Foreign Secretary Liz Truss.

“It shows [Russian President Vladimir] Putin is prepared to risk lives to sow division and confusion among allies.”

It comes as the US Department of Justice unsealed two indictments charging four men, all Russian citizens who worked for the Russian government, in connection with hacking.

In the UK, the Foreign Office said Centre 16 had focused on engineering and industrial control companies, where “hackers may be able to access contact lists of hacked companies and establish long term access to networks”, and had also taken aim at UK energy companies.

It also linked the group to compromising software used by European manufacturers and wind turbine developers, gaining access through spear-phishing to European and North American energy sectors, stealing user information and entering the networks of US energy, nuclear, water, aviation and critical manufacturing sectors.

Spear-phishing is when targeted emails or text messages are sent to specific people, groups or organisations for malicious purposes such as data theft, espionage or fraud.

Centre 16 was also understood to have gained access to the email address of opposition leader Alexei Navalny, posing as the Russian Federal Tax Service to conduct spear-phishing against Russian citizens including the press secretary of Kremlin critic and former oligarch Mikhail Khodorkovsky, who now lives in the UK.

Separately, Ms Truss also added to the UK sanctions list a subsidiary of Russia’s Defence Ministry, the Central Scientific Research Institute of Chemistry and Mechanics, for an incident involving overriding the safety controls of a petrochemicals plant in Saudi Arabia in 2017.

“We are sending a clear message to the Kremlin by sanctioning those who target people, businesses and infrastructure,” Ms Truss said.

“We will not tolerate it.

“We will continue to work together with our allies to turn the ratchet and starve Putin’s war machine of its funding and resources.”

In 2020, the National Cyber Security Centre linked another Russian hacking group, APT29 — also known as Cosy Bear or The Dukes — with going after organisations working on Covid-19 vaccines.

It said the hacking group was “almost certainly” linked to the Russian state.

The FCDO on Thursday said APT29 fell under Russia’s Foreign Intelligence Service, the SVR.

Other groups such as APT28 — also known as Fancy Bear or Strontium — and Sandworm came under Russia’s military intelligence wing, the GRU.

APT28 was thought to be behind the September 2016 cyber attack on the World Anti-Doping Agency, where hackers accessed the personal information of athletes.

Updated: March 25, 2022, 4:02 AM