“Star Blizzard”: The FSB’s Cyber War Against the UK
On the 7th of December, the BBC published an article reporting accusations that Russia’s Federal Security Service (FSB) has run an ongoing cyber campaign to interfere in UK politics, targeting hundreds of politicians, peers, civil servants, lawyers, academics, think tanks, journalists, and NGOs since 2015.
Leo Docherty, UK Foreign Office minister, addressed the House of Commons on the 7th of December, revealing that the FSB and its Centre 18 unit operated through the hacking group “Star Blizzard”, also known as Callisto Group, Seaborgium, or Coldriver, and stole data with the intent to interfere in British domestic politics. The group is believed to be operated by FSB officers and was responsible for amplifying UK-US trade talk documents stolen from Conservative MP Liam Fox in the lead-up to the 2019 general election.
Victims were mainly targeted through their personal email addresses, such as Outlook, Gmail, Yahoo, and Proton Mail, where Star Blizzard used phishing tactics to gain victims' confidence and persuade them to click on malicious links. After a successful phish, the group stole victims' emails and attachments, set up mail-forwarding rules, and gained ongoing visibility into victims' emails and contact lists.
The group leaked UK-US trade documents before the 2019 General Election, compromised the Institute for Statecraft (a UK think tank) in 2018, and hacked the account of its founder, Christopher Donnelly, in December 2021. This interference also extends to universities, journalists, public sector organizations, NGOs, and other civil society groups pivotal to UK democracy. Even though the FSB compromised private communications of high-profile figures and the 2019 General Election, Docherty emphasized that the FSB’s influence campaign had been unsuccessful and that the UK will continue to expose Russian covert cyber activities. Russia's foreign ministry has rejected the claims, stating that the UK lacked concrete evidence.
According to Docherty, the FSB and the Star Blizzard group pursued cyber-attacks to undermine trust in politics in the UK and like-minded states, aligning with Russian confrontation goals. Their malicious cyber activities are seen as part of a broader pattern of cyber operations conducted by Russian Intelligence Services globally. Past instances include compromises affecting ViaSat and SolarWinds, and the targeting of critical national infrastructure.
While Docherty claims that the FSB’s cyber-attacks were unsuccessful, David Cameron and Paul Chichester (NCSC director of operations) strongly condemned these interference attempts and emphasized the threat to democratic processes. As part of Docherty’s announcement, the NCSC has published a refreshed cybersecurity advisory in collaboration with the cybersecurity agencies of the US, Australia, Canada, and New Zealand (NCSC, US CISA, FBI, NSA, CNMF, Australian ASD's ACSC, Canadian CCCS). This guidance, specifically tailored for individuals at higher risk of being targeted, aims to enhance the security posture of high-profile individuals and recommends measures such as two-step verification, strong passwords, and prompt installation of updates. It also shares technical details of the actors' attack methods.
Following a National Crime Agency investigation, the UK government sanctioned two alleged members of Star Blizzard involved in the operation, Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, as a warning that the UK will track down and retaliate against individuals involved in malicious cyber campaigns. The UK Government has also summoned Russia's ambassador to express deep concern about Russia's sustained attempts to use cyber means for interference.