Russian hackers suspected of compromising British PM’s personal email account

Russia is suspected of compromising the personal email account of the British prime minister, Keir Starmer, before he entered office, according to a recently published book.

As reported by The Times — which is serializing the book, titled "Get In" — it “reveals that in 2022 Starmer, then the Labour leader in opposition, was told that his email account may have been compromised in a sophisticated ­campaign by Kremlin-linked hackers.”

According to the report, Starmer was forced to change his email address following the incident and add the basic and painless security protection of two-factor authentication which apparently had not been applied beforehand.

Britain’s National Cyber Security Centre (NCSC) had for years prior to the incident vocally encouraged the adoption of two-factor authentication. It is not clear why the then-leader of the opposition had failed to implement it beforehand. Neither NCSC nor the Cabinet Office immediately responded to a request for comment.

The Labour Party leader’s senior advisers were briefed on the hack by NCSC, a part of Britain’s cyber and signals intelligence agency GCHQ, according to the book. Starmer himself was told that while there was no evidence his personal emails had been published, there was no guarantee against any sensitive material being compromised.

The hack came at the same time as other British officials were being targeted by a state-sponsored threat group tracked variously as Iron Frontier, Callisto, Coldriver or Star Blizzard/Seaborgium, that the British government has assessed to be operating for the Russian intelligence services.

In late 2023, the British government summoned the Russian ambassador over the activities of the hacking group, which it outed as accountable to Center 18 of the Russian Federal Security Service (FSB) and accused of being behind a “sustained but unsuccessful” campaign of hack-and-leak operations designed to undermine democratic institutions.

At the same time, the U.S. Department of Justice charged two Russian nationals with being part of Center 18’s spearphishing campaigns dating back to 2016 — FSB officer Ruslan Aleksandrovich Peretyatko, and Andrey Stanislavovich Korinets, who was not described as an FSB officer but as the creator of the fraudulent domains.

According to the British government, Center 18’s previous targets in the United Kingdom include Sir Richard Dearlove, the former head of the Secret Intelligence Service (MI6); and a think tank called the Institute for Statecraft, which had worked on countering Russian information operations.

Following the hack of Dearlove’s email account, private correspondence between him and his associates appeared online as part of a disinformation narrative. The Institute for Statecraft ultimately shut down after its internal emails were published first by Russian media and then by outlets in the United Kingdom, prompting political controversy. To-date no such publication of Starmer’s emails appears to have taken place.