‘Ruthless’ Iranian and Russian hackers target UK journalists and politicians

Warning after groups attempt to get users to click malicious links through impersonation

Hacking targets were usually those doing research and work on Iran and Russia

British cybersecurity officials are warning that hacking groups linked to Russia and Iran are duping people into clicking malicious links.

In an advisory, the National Cyber Security Centre (NCSC), part of Britain's GCHQ eavesdropping intelligence agency, said Russia-based hacking group Cold River researches its targets and impersonates people around them using faked email addresses and social media profiles.

Targets were usually those doing research and work on Iran and Russia, often those working in politics and journalism, the NCSC said.

Once a rapport has been built with a target, Cold River hackers encourage the target to click on a malicious link, which tricks them into entering their login credentials on a website controlled by the group, the advisory said.

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” said Paul Chichester, the centre’s director of operations.

“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

The centre advised the use of strong passwords, multifactor authentication and email vigilance, including disabling mail-forwarding, to reduce the risk of being hacked.

A second, Iran-based, group known as Charming Kitten has deployed the same “spear-phishing” techniques to gather information, according to the NCSC.

Iran's mission to the UN in New York said the Iranian government had no knowledge of the group.

Since Russia's invasion of Ukraine, Cold River has escalated its hacking campaign against Kyiv's allies, cybersecurity researchers and western government officials told Reuters.

Western officials say the Russian government is a global leader in hacking and uses cyber-espionage against foreign governments and industries to seek a competitive advantage.

Moscow, however, has consistently denied that it carries out hacking operations.

Updated: January 26, 2023, 10:19 AM