UK election cyber-attack warning after Putin’s hackers target US
Putin-backed Russian hackers behind a large-scale attack on the US are engaging in a campaign of “cyber warfare” ahead of elections in America and the UK, security sources have warned.
This week US officials said they had worked with allies to disrupt an international hacking network operated by APT 28, better known as Fancy Bear – a cyber espionage unit of Russia’s foreign military intelligence agency, the GRU.
The group had gained access to more than 1,000 personal and small business routers in the US and around the world, using the infected devices to launch “harvesting campaigns” against targets of “intelligence interest” to the Russian government, according to the US Justice Department.
It was the latest salvo in Russia’s “long term strategic plan of cyber warfare” against Western democracies, one serving UK intelligence source told i.
They warned that with the US set to go to the polls in November, and a UK election this year, the threat is only set to increase.
“[This is] just the tip of the iceberg,” the source said.
Fancy Bear was one of two Russian hacking groups which infiltrated Democratic party computer systems before the 2016 Presidental election, releasing troves of emails that damaged Hilary Clinton’s campaign.
The group also tried to disrupt the 2015 UK general election, and planned to target every Whitehall server, including the Foreign Office and Ministry of Defence, and every major TV broadcaster, including the BBC, Channel 4 and Sky.
That attack was thwarted by GCHQ, which is responsible for the security services’ communications surveillance, before the hackers could cause any damage.
It was the first known time a Russian-based hacking group had targeted Britain’s political system and described by then independent reviewer of terrorism legislation, David Anderson KC, as a “possible imminent threat” to the UK.
An insider at GCHQ told i that Fancy Bear had been around “a long time” and warned that hackers working for Russian intelligence would be “fully operational against us” with elections on the horizon.
And a cyber security source previously stationed in the Foreign Office added that the group were “efficient and difficult to dislodge once they get in.”
“They are really good at compromising big bits of infrastructure,” the source said.
In 2018 it was reported that Fancy Bear had successfully breached the private networks of Germany’s defence and interior ministries’. It is thought the hack may have lasted up to a year.
Four years earlier, the group infiltrated the French broadcaster TV5Monde, disrupting the channel’s scheduled programming for 18 hours and replacing it with a screen showing an Isis terror flag. It was this attack which helped GCHQ identify the culprit in the 2015 election hack.
On Thursday night, after details of the latest attack emerged, FBI Director Christopher Wray said: “Russia’s GRU continues to maliciously target the United States through their botnet campaigns.
“This type of criminal behavior is simply unacceptable, and the FBI, in coordination with our federal and international partners, will not allow for any of Russia’s services to negatively impact the American people and our allies.”
US deputy attorney general, Lisa Monaco, said it was the second time in two months that the department had disrupted state-sponsored hackers from launching cyberattacks behind the cover of compromised routers.
The National Cyber Security Centre declined to comment.
