Iranian and Russian hackers targeting politicians and journalists, warn UK officials
BBC News - Jan 26th 2023
Iranian and Russian hackers are targeting British politicians and journalists with espionage attacks, officials have warned.
The National Cyber Security Centre has issued a fresh alert about increasing attempts to steal information from specific groups and individuals.
NCSC said the hackers usually target those doing research and work about Iran and Russia.
It described the hacking groups as “ruthless” in pursuing their targets.
The NCSC – which is part of UK cyber and intelligence agency GCHQ and gives cyber-security advice – explained the attacks were not targeting the public, but specific individuals and groups, including politicians, officials, journalists, activists and think tanks.
The hackers will often impersonate real contacts to build trust, and send fake invites to events or Zoom meetings containing malicious code. If clicked on, they can compromise accounts, allowing the hacker to gain access to sensitive information.
NCSC director of operations Paul Chichester said: “These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.
“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”
The number of individuals targeted in the UK is small – in the tens – with a minimal impact, officials say. But organisations have been asked to secure their online accounts, and report suspicious approaches.
Officials are not formally accusing Russia and Iran of involvement in the espionage, although two hacking groups they are warning about are widely believed to be linked to the two states.
A Russian group, known as SEABORGIUM or Cold River, has previously been linked in media reports to the leaking of emails belonging to ex-MI6 head Sir Richard Dearlove and the targeting of US nuclear laboratories.
Google has said the group has also targeted US think tanks, a Ukraine-based defence contractor and the military of multiple Eastern European countries.
An Iranian group – known as TA453 or Charming Kitten – has been linked by independent cyber-security experts to the country’s Islamic Revolutionary Guard Corps and is accused of targeting US politicians as well as critical infrastructure.
The campaigns are separate and not the result of collaboration, but the joint warning is being issued because they rely on similar techniques and targets.