Російські кіберзлочинці зламали Міністерство закордонних справ Великої Британії: інформація посадовців продається в глибинній мережі

Russian hackers pilfered credentials belonging to UK Foreign Ministry employees and local authorities. Logins and passwords were put up for sale on the dark web for over £40,000.

Russian hackers breached UK Foreign Ministry

Russian hackers breached UK Foreign Ministry / © pixabay.com

Russian hackers pilfered logins and passwords of UK Foreign Ministry staff, as well as representatives of local government bodies. The officials’ credentials were put up for sale on the dark web for over 40,000 pounds sterling.

This is reported by The Telegraph.

Russian hackers compromised UK government accounts and offered them for sale

The large-scale national security data breach was facilitated by an intrusion into the email inboxes of British officials and Foreign Ministry overseas personnel.

Researchers have dubbed this sophisticated and ongoing attack FortiBleed. The unauthorized system access obtained by the hackers poses a risk of further infiltration into other government departments.

The attack compromised over 80,000 firewalls from the cybersecurity company Fortinet. Russian hackers exploited a vulnerability in the systems and previously stolen data to bypass the security settings of several critical UK national infrastructure sites.

According to lists of compromised accounts, passwords and email addresses of diplomats abroad and local government officials have become publicly accessible. Specifically, this includes IT personnel at British embassies in Thailand and Mauritius, as well as employees in Derbyshire and Waltham Forest.

Currently, access to this data on dark web forums is being offered by a user under the nickname “SantaAd”. In addition to government structures, logins for critical infrastructure organizations are also up for sale: the National Health Service (NHS), energy providers, and key pharmaceutical distributors.

The compromise of this data could lead to a medical catastrophe in the UK. Medical providers are prime targets for Russians, as disruptions to their IT systems would immediately paralyze the daily operations of hospitals. Patients are having surgeries and appointments cancelled.

The Russian connection

Cybersecurity researcher Volodymyr Dyachenko first detected the active attack. According to him, hackers are using valid credentials from past leaks and are turning compromised devices into hubs for collecting new information.

The breach granted access to the “core networks” of the Foreign Ministry, and other departments could be at risk.

Code analysis suggests that the hacking tools are written in Russian. The UK’s National Cyber Security Centre (NCSC) has issued a call for an immediate network audit and isolation of all compromised devices. The Russian attack has been described as a “brute-force” method.

There is no direct evidence of the involvement of Russian state structures in this breach. However, experts note that the Kremlin deliberately ignores the activities of hackers operating from within the Russian Federation, as it serves as a convenient way to destabilize other countries.

An unwritten agreement exists between cybercriminals and the Russian authorities: hackers receive safe haven in exchange for not crossing Moscow’s “red lines” and not provoking excessive diplomatic scandals.

The UK’s National Cyber Security Centre is already providing support to organizations affected by the Russian attack.

Hackers: latest news

Recall that Russian hackers have launched a large-scale campaign against popular messengers Signal and WhatsApp, attempting to gain access to user accounts.

According to Dutch intelligence services, attacks have also been recorded against Ukrainian military personnel through special bots. Digital security expert Pavlo Byelousov explained that hacking the services themselves is extremely difficult due to end-to-end encryption, so attackers directly target users’ devices.

The most common hacker scheme is social engineering, where people are tricked into connecting a third-party device to their account, which then begins to mirror messages. Experts emphasize that in most cases, the cause of a hack is user inattention or lack of awareness, rather than software vulnerabilities.

To avoid losing access to chats, specialists advise carefully checking messages with links, never connecting unknown devices to your accounts, and always using additional security measures.

Comments Sort by: New Old Popular Submit

No votes yet.
Please wait...

Залишити відповідь

Ваша e-mail адреса не оприлюднюватиметься. Обов’язкові поля позначені *