Russian intelligence service behind ‘calculated and dangerous’ hacking – Truss

Russian intelligence services have targeted national infrastructure including UK energy companies and the engineering and industrial sectors in a “calculated and dangerous” hacking campaign spanning nearly a decade.

The UK and western allies have linked Russia’s Federal Security Service (FSB), the successor agency to the KGB, to “a historic global campaign targeting critical national infrastructure”, the Foreign, Commonwealth and Development Office (FCDO) said on Thursday.

The department said the National Cyber Security Centre (NCSC) was “almost certain” that the FSB’s Centre 16, which it said was also known by its hacker group pseudonyms of Energetic Bear, Berserk Bear and Crouching Yeti, had targeted critical IT systems and national infrastructure in Europe, the Americas and Asia.

Foreign Secretary Liz Truss said: “Russia’s targeting of critical national infrastructure is calculated and dangerous.

“It shows (Vladimir) Putin is prepared to risk lives to sow division and confusion among allies.”

It comes as the US Department of Justice unsealed two indictments charging four defendants, all Russian nationals who worked for the Russian government, in connection with hacking.

In the UK, the FCDO said Centre 16 had focused on engineering and industrial control companies, where “hackers may be able to access contact lists of hacked companies and establish long term access to networks”, and had also targeted UK energy companies.

It also linked the group to compromising software used by European manufacturers and wind turbine developers, gaining access through spear-phishing to European and North American energy sectors, and stealing user information and getting into US energy and nuclear facilities as well as the water, aviation and critical manufacturing sectors.

Spear-phishing is when targeted emails or text messages are sent to specific people, groups or organisations, for malicious purposes such as data theft, espionage, or fraud.

Centre 16 was also understood to have gained access to the email address of opposition leader Alexei Navalny, posing as the Russian Federal Tax Service to conduct spear-phishing against Russian nationals including the press secretary of Kremlin critic and former oligarch Mikhail Khordorkov, who now lives in the UK.

Separately, Ms Truss also added to the UK sanctions list a subsidiary of Russia’s defence ministry, the Central Scientific Research Institute of Chemistry and Mechanics for an incident involving overriding the safety controls of a Saudi petro-chemicals plant in 2017.

Ms Truss said: “We are sending a clear message to the Kremlin by sanctioning those who target people, businesses and infrastructure.

“We will not tolerate it.

“We will continue to work together with our allies to turn the ratchet and starve Putin’s war machine of its funding and resources.”

In 2020, the NCSC linked another Russian hacking group, APT29 – also known as Cosy Bear or The Dukes, with targeting organisations working on Covid-19 vaccines.

It said the hacking group was “almost certainly” linked to the Russian state.

The FCDO on Thursday said APT29 fell under Russia’s Foreign Intelligence Service, the SVR.

Other groups such as APT28 – also known as Fancy Bear or Strontium – and Sandworm came under Russia’s military intelligence wing, the GRU.

APT28 was thought to be behind the September 2016 cyber attack on the World Anti-Doping Agency (Wada), where hackers accessed the personal information of athletes.