Security

NCA cyber investigation leads to sanctions for hostile actors linked to Russia's FSB

Posted 5 January 2024

Last month, the UK and allies exposed the Russian Intelligence Services behind attempts to interfere in UK politics and democratic processes, with sanctions brought against two members of a group operated by Russian Federal Security Service (FSB) officers, following an investigation by the UK's National Crime Agency (NCA).

Above: James Babbage, Director General for Threats, National Crime Agency (NCA).
Courtesy NCA

Centre 18, a unit within Russia’s FSB, has been identified as being accountable for a range of cyber espionage operations targeting the UK, including high-profile parliamentarians and entities.

This activity has been conducted by Star Blizzard, also commonly known as Callisto Group, SEABORGIUM and COLDRIVER, a group the UK’s National Cyber Security Centre (NCSC) – a part of GCHQ - assess are almost certainly subordinate to FSB Centre 18.

Following a National Crime Agency investigation, the UK has also sanctioned two members of Callisto Group, aka Star Blizzard, for their involvement in the preparation of spear-phishing campaigns and associated activity that resulted in unauthorised access and exfiltration of sensitive data, which was intended to undermine UK organisations and more broadly, the UK government.

James Babbage, Director General for Threats at the National Crime Agency (NCA), said: “The sanctions announced are the result of a lengthy and complex investigation by the NCA, demonstrating that hostile Russian cyber actors were behind repeated, targeted attacks designed to undermine the UK.

“This action sends a clear message to criminals targeting the UK wherever in the world they may be; we know who they are, they are not immune to our action, and we will not stop in our efforts to disrupt them.

“Alongside our partners, we are determined to hold to account those who seek to threaten our national security and undermine democracy.”

The UK Foreign Secretary David Cameron has described these attempts to interfere in UK politics as “completely unacceptable” seeking to threaten our democratic processes.

To support the announcement, the NCSC and partners from the United States, Australia, Canada and New Zealand, issued a new cyber security advisory , sharing technical details about how the actors carry out attacks and how targets can defend against them.

The NCSC also published refreshed guidance for individuals at higher risk of being targeted by capable actors so as to help improve their resilience to a range of potential cyber threats.

Paul Chichester, NCSC Director of Operations, said: "Defending our democratic processes is an absolute priority for the NCSC and we condemn any attempt which seeks to interfere or undermine our values.

"Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable and we are resolute in calling out this pattern of activity with our partners.

"Individuals and organisations which play an important role in our democracy must bolster their security and we urge them to follow the recommended steps in our guidance to help prevent compromises."

The refreshed guidance is designed to help high-risk individuals improve their security posture by putting measures in place to protect their devices and online accounts. This includes setting up two-step verification, creating strong passwords and installing updates promptly.