Exclusive: Russian spies hacked UK government systems earlier this year, stole data and emails

Updated August 9 with comments from a government spokesperson about the incident.

Cyber spies working for Russia's foreign intelligence service accessed corporate emails and data on individuals from the British government earlier this year, according to an official description of the incident obtained by Recorded Future News.

The breach, which has not previously been reported, followed the Russian hackers initially targeting Microsoft, which supplies corporate services to the Home Office, before the hackers exploited this access to also compromise data from several of Microsoft's clients.

Following publication, a government spokesperson stressed that the Russian spies had not accessed the Home Office's own systems. It is understood the hackers compromised corporate email data shared between Microsoft and the Home Office that was held by Microsoft.

"There is no evidence that Home Office systems were compromised. We take data security very seriously, with robust reporting mechanisms in place and continuous monitoring to ensure data is protected," the spokesperson said.

Microsoft first disclosed in January that the hacking group tracked as Midnight Blizzard, which the UK attributes to Russia's SVR intelligence agency, had accessed the email accounts of senior leaders at the company, later confirming the hackers had also accessed customers' emails as well as Microsoft's own source code repositories and internal systems.

The Home Office reported the incident to Britain's data protection regulator on May 2, almost four months after Microsoft's initial disclosure. Under British data protection laws, organizations are required to report personal data breaches to the regulator within 72 hours of becoming aware of the breach.

A description of this report obtained under the Freedom of Information Act said the incident was a nation state attack on a supplier of the department's corporate systems and linked the hack to Microsoft's January announcement.

A spokesperson for the ICO said: "We can confirm that we are aware of this incident, have assessed the information provided and concluded that no further action is required."

It is likely that most of Microsoft's government customers may have discovered being impacted by the breach much later than when Microsoft became aware of the initial incident affecting its senior staff.

It wasn't until April that the US Cybersecurity and Infrastructure Security Agency (CISA) warned that federal government data had also been affected by the hack.

At that time, CISA said Microsoft had pledged to assist the US government's investigation into the incident by providing metadata for all exfiltrated federal agency correspondence, and warned that this stolen correspondence "presents a grave and unacceptable risk to agencies."

The breach of British government data comes as Russia's intelligence services have been especially active in supporting Moscow's war aims as it continues its invasion of Ukraine, including by targeting those countries providing support to Kyiv.

"Since February 2022, the rules of the game have changed for the Kremlin, which now acts in the cyber realm as if it were already at war with the UK," said Christopher Steele, the director of Orbis Business Intelligence and a former British intelligence officer focusing on Russia.

James Sullivan, the director of cyber research at the RUSI think tank, said: "It's not a surprise that this may have happened. We know that Russia conducts campaigns like this, and the British public is sadly used to it now, rather than outraged.

"But we must take these incidents seriously. They can undermine trust and confidence in public services and public officials. We do need to understand the impact a bit more in terms of the damage that has been done, what the risks are to the country, what kind of strategic advantage the adversary might be pursuing, and respond accordingly."

Measuring the effect of intelligence-gathering operations is extremely challenging. Steele said that the SVR's motivations may be manifold, such as finding personal information of key individuals or simply disrupting the functions of the British state, but their tactics are consistently more brazen and less cautious than in the past.

Just the day after the data breach report was filed with Britain's data protection regulator, the UK and allies issued a joint statement condemning malicious cyber activity by the Russian intelligence services, although this specifically focused on the activity of a different Russian agency, the GRU, which was blamed for attacks on the German Social Democratic Party.

RUSI's Sullivan told Recorded Future News: "Official attributions are a tool we have, but attribution needs to come as a package of measures; it needs to be coupled with other interventions like sanctions or with cyber operations against the adversary to have an impact. I'd be very interested to see what the actual response would be to an incident like this, or even if the UK Government thinks a response is needed."

Sullivan said the incident highlighted pressing questions about the accountability of the private-sector organizations involved in selling services to governments. "Similar to Crowdstrike, this incident affecting Microsoft shows how our use of just a few providers for critical services sets us up for single points of failure when there are breaches or outages. We may need to think about greater vendor diversity to spread the risk out and give organizations more resilience."

Following publication, a spokesperson for Microsoft said: "We have found no evidence that any Microsoft-hosted customer-facing systems have been compromised as a result of the attack against Microsoft that we shared in January. As we shared at the time, the threat actor accessed a very small percentage of Microsoft corporate email accounts. We provided notifications to customers who corresponded with the impacted Microsoft corporate email accounts."

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Copyright 2024 The Record from Recorded Future News