The UK and US governments on Thursday accused Russian security services of engaging in an ongoing cyber-espionage campaign against leading politicians, journalists and NGOs.
Russia has been suspected of meddling in UK politics in the past, including the divisive 2016 Brexit referendum, but the Conservative government has been criticized for failing to investigate.
In its latest claims, the foreign ministry said Russia’s Federal Security Service (FSB) was behind “unsuccessful attempts to interfere in UK political processes” and said it summoned the Russian ambassador in London over the issue.
US prosecutors on the other hand unsealed charges against two Russian nationals for hacking computer networks in Britain, the United States and other NATO countries.
Those two people now face sanctions in both countries.” Russia’s attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes,” said the UK Foreign Minister. David Cameron in a statement.
“By approving those responsible and summoning the Russian ambassador today, we are exposing their evil attempt at influence and shining another example of how Russia chooses to act around the world,” he said.
Cameron’s office said Center 18, a unit within the FSB, was responsible for “a range of cyber espionage operations” targeting the UK.
One of the two men indicted in the United States was an officer of that unit.
The UK government has admitted that the FSB has targeted parliamentarians from various political parties, with some attacks resulting in documents being leaked in an operation from at least 2015 to 2023.
The organization also hacked UK-US trade documents that were leaked ahead of the UK general election in December 2019, it added.
The two men indicted in the United States, Ruslan Aleksandrovich Peretyatko and Andrei Stanislavovich Korinets, are not in US custody. The two charges against them carry a maximum sentence of five and 20 years, respectively.
The foreign office said Peretyatko and Korinets were authorized for their participation in the preparation of so-called spear-phishing campaigns and “activity intended to undermine the UK”.
Spear-phishing involves sending malicious links to specific targets “to try to persuade them to share sensitive information”.
Attackers often perform “reconnaissance activity around their target” to make the attacks more effective, according to the UK’s National Cyber Security Center.
The two men are accused of targeting current and former US officials at the Pentagon, State Department, Department of Energy facilities and the intelligence community from at least 2016 to 2022.
“Both are currently being sought by the FBI and are believed to be in Russia,” a senior FBI official told reporters on condition of anonymity.
The State Department is offering a reward of up to $10 million for information leading to their location and capture.
In January, UK cyber-security chiefs warned that Russia and Iran were increasingly targeting government officials, journalists and NGOs with phishing attacks to “compromise sensitive systems”.
The NCSC, part of the UK’s signals intelligence agency GCHQ, is urging greater vigilance about the techniques and tactics used as well as mitigation advice.
It said Russia-based group SEABORGIUM and Iran-based TA453 targeted a range of organizations and individuals in the UK and abroad throughout 2022.
Last year, a British newspaper reported that suspected Kremlin agents hacked ex-prime minister Liz Truss’ cellphone when she was foreign minister.
A source told The Mail on Sunday that up to a year’s worth of messages were hacked including “very sensitive discussions” about the war in Ukraine.
The hack was discovered in 2022, when Truss was campaigning to become leader of the Conservative party to replace Boris Johnson as prime minister, the paper reported.
Foreign Office Minister Leo Docherty told MPs in the House of Commons on Thursday that the cyber threat posed by Russia was “real and serious”.
“They create fake accounts, pretend contacts, appear legitimate and create a believable approach that seeks to build a relationship before delivering a malicious link to even a document or website of interests,” he said.