The Russian spy agency Star Blizzard has been accused of targeting British politicians, journalists, and public organisations in ‘sustained’ cyber attacks over several years.

The UK's National Cyber Security Centre revealed today that MPs, journalists, and an ex-head of MI6 are just some of those to have been targeted by the group since at least 2015.

It claimed that the hacking and “spear-phishing” attacks conducted by Star Blizzard had been directed at a “large number of high-profile victims, many of whom are recognisable names across the political parties.”

The attacks – which were also aimed at civil servants, the media, civil society organisations and others – had focused on the politicians’ emails, gaining access to and leaking private communications of several of the “hundreds” of victims targeted.

The UK’s intelligence agencies believe these attacks served to undermine trust in the politics of the UK and of Britain’s allies and that the attacks had been going on since at least 2015.

They accused Star Blizzard and the Kremlin of hacking and leaking information in a bid to influence British elections, including a leak of UK-US trade documents, which were brandished by then Labour leader Jeremy Corbyn before the 2019 general election, and an attack on the Institute for Statecraft that same year. 

Other targets have allegedly included the NHS, schools, and former MI6 chief Sir Richard Dearlove. Deputy Prime Minister Oliver Dowden said 40% of attacks were against the public sector, including a "complex" operation against the Electoral Commission.

“Russia’s attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes,” Foreign Secretary Lord Cameron said in a statement discussing the Kremlin-backed cyber attacks.

“Despite their repeated efforts, they have failed. In sanctioning those responsible and summoning the Russian Ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage.

“We will continue to work together with our allies to expose Russian covert cyber activity and hold Russia to account for its actions.”

Who is Star Blizzard?

Star Blizzard is a cyber actor linked to the Russian Federal Security Service (FSB) that is known for using spear-phishing attacks to target organizations and individuals in the UK and steal sensitive data. 

Also known as Coldriver, Seaborgium and Blue River, the group uses a range of sophisticated techniques to attack its targets, including spear-phishing, watering holes, and zero-day exploits. It is also believed to be capable of manufacturing its own advanced malware, designed to damage and steal data from a target’s IT systems.

Star Blizzard has been involved in several high-profile cyberattacks in recent years, including the 2020 SolarWinds hack, the 2021 Microsoft Exchange hack, and the NotPetya ransomware attack on Ukraine. 

Two Russians are being sanctioned by the Foreign Office for being directly linked to the group. The first is Ruslan Aleksandrovich Peretyatko, who it described as "a Russian FSB intelligence officer and a member of Star Blizzard."

The second is Andrey Stanislavovich Korinets, also known as Alexey Doguzhiev, who was described as "a member of Star Blizzard, aka the Callisto Group".

A previous report for the US Congress on Russian cyber units identified Star Blizzard as one of two primary hubs overseeing the FSB's security and cyber operations, along with Centre 16.

Rafe Pilling, director of threat intelligence at cybersecurity firm Secureworks, said the two groups are responsible for a "significant proportion of offensive Russian cyber activity."

He warned that they had become "more sophisticated" over time, with hackers going through multiple stages of exchanging emails to gain trust before delivering a malicious payload - like malware - to steal data.

"Spies go where the information is - and people's mailboxes are where a significant chunk of this is," he said. "It's quite traditional espionage."

Russian cyber attacks on the UK 

Britain has accused Russian hacking groups of targeting the country before, but these have not always been linked directly to the Kremlin. State-sponsored Russian attacks have spiralled since the Russian invasion of Ukraine. 

Just last month, the Russian group Killnet took responsibility for an attack on the Royal Family's official website that took it down for several hours. 

Meanwhile, in September, the Russia-linked ransomware gang LockBit leaked top-secret data belonging to the UK Ministry of Defence to the dark web following a cyber attack on the security firm Zaun.

The leaked data included thousands of pages of top-secret information that could help criminals compromise UK military and security sites including HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post.

LockBit was also responsible for the large-scale ransomware attack on the NHS last summer, which forced crucial medical systems offline and forced doctors to keep patient records on pieces of scrap paper.

“LockBit has already been responsible for some of this year’s biggest cyberattacks as well as the exploitation of the MOVEit vulnerability,” said Paul Brucciani, Cyber Security Advisor at WithSecure.

“The significance of this attack is that by undermining IT security, it is also possible to undermine the physical security of its customers.”