Russia’s intelligence service has carried out a yearslong cyberattack campaign against high-profile politicians, civil servants, journalists, and others, according to the British government, as part of what it called “unsuccessful attempts to interfere in U.K. political processes.”
The announcement, part of a joint action with allies including the United States, which announced related indictments and sanctions on Thursday, was intended to sound the alarm that Russia intends to sow chaos and doubt ahead of elections in the United States and Britain.
Britain’s Foreign Office, in a statement released on Thursday, said a group “almost certainly” linked to the Russian intelligence service engaged in sustained cyberespionage operations, including attacks that targeted lawmakers from across the political spectrum using spear-phishing attacks, or malicious emails, beginning as early as 2015.
The group also “selectively leaked and amplified the release of information in line with Russian confrontation goals, including to undermine trust in politics in the U.K. and like-minded states,” the Foreign Office said, drawing from an investigation from Britain’s intelligence agency.
Some of that information, including hacked trade documents between Britain and the United States, was leaked ahead of Britain’s general election in 2019.
Universities, journalists, the public sector, charities, and other organizations were also targeted, according to the government, which warned that while Russia’s attempts to undermine democracy have been so far unsuccessful, they are likely to continue.
Russia did not immediately respond to the accusations, but it has in the past denied any state-sponsored attacks against other countries or entities.
The British statement also linked a 2018 hack of the Institute for Statecraft, a British research organization focused on disinformation, and a 2021 hack of a founder of that organization, whose account was compromised. “In both instances documents were subsequently leaked,” the statement said.
The group identified by the British authorities is often known as Star Blizzard, and has a history of conducting “hack and leak” campaigns, in which stolen information is then leaked publicly to influence public opinion in a targeted country, Microsoft, which has been tracking the group since 2017, said last year.
Before starting an attack, the group is known to conduct reconnaissance of the people it is targeting, including identifying contacts from their social networks or “sphere of influence,” Microsoft said. Using names collected from that research, the group then creates fake LinkedIn profiles, email addresses, and social media accounts to trick their targets into engaging in correspondence. At a certain point, they include an infected file in the communications to get access to the target’s data.
The group’s work did not appear to be directly related to Moscow’s efforts to interfere with 2016 and 2020 U.S. elections, F.B.I. officials said on Thursday, but were part of President Vladimir V. Putin’s broader efforts to undermine confidence in democratic institutions.
The hacks fit a pattern of Russian behavior stretching back more than a decade. Russia-aligned groups have been accused of infiltrating government agencies, multinational corporations, and other organizations across the United States and Europe. Mixed with online disinformation campaigns, the incursions have tried to influence elections, conduct espionage, and sow social discord among Western democracies.
Even as the United States and European allies have bolstered their cyberdefenses, the attacks disclosed on Thursday show how any protections can be undercut by a simple mistake by an individual who clicks or downloads malicious files. David Cameron, Britain’s recently appointed foreign secretary who previously served as the country’s prime minister, said in a statement that the attempts by Russia “to interfere in U.K. politics are completely unacceptable and seek to threaten our democratic processes.”
“Despite their repeated efforts, they have failed,” he said. “In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.”
In addition to summoning the Russian ambassador to Britain, the British government announced sanctions against two people linked to Star Blizzard. That group, the government said, was “almost certainly subordinate” to Center 18, a unit of the F.S.B., Russia’s Intelligence Services, that it said directed the cyberespionage operations.
The two people named in the sanctions are Ruslan Aleksandrovich Peretyatko, who Britain said is a Russian F.S.B. intelligence officer and a member of Star Blizzard; and Andrey Stanislavovich Korinets, who is also a member of Star Blizzard.
In coordination with British authorities, U.S. prosecutors unsealed indictments against the two men on Thursday, accusing Moscow of engaging in a wide-ranging spearfishing campaign to hack into the accounts of American government officials from 2016 to 2022.
The U.S. attorney in San Francisco, Ismail J. Ramsey, charged both men with conspiracy to commit computer and wire fraud, which carries a maximum penalty of 25 years in prison if they are ever caught, tried, or convicted. Officials conceded that was unlikely.
He accused the defendants of “attempting to create chaos in democratic processes,” in a statement.
The men were able to “take valuable intelligence from their victims’ accounts at will, including intelligence related to United States defense, foreign affairs, and security policies, as well as nuclear energy-related technology, research, and development,” according to the indictment.
Hacking victims included a former U.S. ambassador; ex-intelligence officials; current and former defense officials, including a retired Air Force general; and current defense contractors, prosecutors said.
It is not clear how damaging the breach was. But prosecutors said the two men succeeded in hacking into the account of an employee of the Energy Department with a goal of stealing information on nuclear energy technology, according to senior federal law enforcement officials.
In addition to the Justice Department’s indictment, the State and Treasury departments have also sanctioned the two men, and the government has also offered a $10 million reward for their capture or new information about co-conspirators.
Britain’s National Cyber Security Center, part of its intelligence service, said that it had issued a new cybersecurity advisory, along with Australia, Canada, New Zealand, and the United States, and published updated guidance for people at higher risk of cyberthreats.
“Russia’s use of cyberoperations to further its attempts at political interference is wholly unacceptable, and we are resolute in calling out this pattern of activity with our partners,” said Paul Chichester, the center’s director of operations, adding that “individuals and organizations that play an important role in our democracy must bolster their security.”