UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador

The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.

In a statement to the House of Commons, minister Leo Docherty said the Russian ambassador had been summoned so that the government could raise the issue and stress that the political interference is unacceptable.

Since 2015, the personal email accounts of hundreds of individuals in Britain, including high-profile politicians from multiple political parties, has been targeted by the campaign, reportedly including the account of then trade minister Liam Fox back in 2019.

The group behind these hacks — tracked by several companies as Calisto, COLDRIVER or Star Blizzard/SEABORGIUM — was formally attributed by the British government to officers working for Centre 18 of the FSB.

The United Kingdom named Ruslan Peretyatko as one of the FSB Centre 18’s officers on Thursday morning, alongside naming Andrew Korinets as a member of the Callisto Group, and added both men to its Cyber Sanctions list.

“The sanctions announced today are the result of a lengthy and complex investigation by the National Crime Agency, demonstrating that hostile Russian cyber actors were behind repeated, targeted attacks designed to undermine the UK,” said James Babbage.

“This action sends a clear message to criminals targeting the UK wherever in the world they may be; we know who they are, they are not immune to our action, and we will not stop in our efforts to disrupt them,” added the NCA’s director general for threats.

The United States and European Union were expected to make supporting statements later on Thursday.

Read More: US charges two Russians in hacks of government accounts

Alongside the British announcement, Microsoft published a blog post detailing the group's activities and warning “the actor continues to refine their tradecraft to evade detection.”

Officers at the FSB’s Centre 18 were previously charged in the U.S. with recruiting criminal hackers to target email services run by both Yahoo and Google.

According to the U.S., in that episode the targets “were of predictable interest to the FSB,” and included “personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit.”

In the case of Liam Fox, the FSB group selectively leaked and amplified this stolen information which was subsequently cited by the opposition leader Jeremy Corbyn during the United Kingdom’s 2019 election.

“Russia’s attempts to interfere in UK politics are completely unacceptable and seek o threaten our democratic processes. Despite their repeated efforts, they have failed,” said British Foreign Secretary David Cameron.

The British government had previously accused Russia of attempting to interfere in the 2019 election “through the online amplification of illicitly acquired and leaked government documents.”

At the time the Russian government, which has also been accused of attempting to interfere in elections in the United States and France, denied the British allegations.

Officials in Westminster have consistently described Russian interference targeting the country as “unsuccessful,” although this assessment has been criticized.

Back in February 2019, MPs on a parliamentary committee investigating Russian interference complained that “the term ‘successful’ is impossible to define in retrospect.”