The UK authorities said that a Russia-associated threat actor known as Star Blizzard, Callisto Group, Seaborgium and Coldriver has been responsible for a series of cyberattacks targeting politicians, civil servants, journalists, NGOs and other civil society organizations. The goal of the attacks was to obtain information that could be further used to interfere in UK political processes.
“The UK and allies have … exposed a series of attempts by the Russian Intelligence Services to target high-profile individuals and entities through cyber operations. The UK Government judges that this was done with the intent to use information obtained to interfere in UK politics and democratic processes. Centre 18, a unit within Russia’s Intelligence Services, the FSB, has been identified as being accountable for a range of cyber espionage operations targeting the UK,” the authorities said.
The attacks were carried out by Star Blizzard, which “is almost certainly subordinate to FSB Centre 18.” The hacker group is said to have been involved in the targeting, including spear-phishing, of parliamentarians from multiple political parties from at least 2015 through 2023, as well as the hack of UK-US trade documents that were leaked ahead of the 2019 General Election, the 2018 Institute for Statecraft intrusion and the 2021 hack of its founder.
The threat actor also targeted universities, journalists, the public sector, non-government organizations and other civil society organizations, many of whom play a key role in UK democracy.
In addition, the UK authorities sanctioned two members of Star Blizzard, Ruslan Peretyatko and Andrey Korinets (aka Alexey Doguzhiev), for their role in spear-phishing campaigns that resulted in unauthorized access and exfiltration of sensitive data, which was intended to undermine UK organizations and, more broadly, the UK government.
Last week, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the North Korean cyberespionage group Kimsuky for gathering intelligence to support North Korea’s strategic objectives, along with eight individuals associated with DPRK state-owned weapons exporters, financial institutions, and front companies. The US authorities also sanctioned two people involved in generating revenue for the North Korean government through the exportation of North Korean workers.