The Foreign and Commonwealth Office was the target of sustained hacking attempts over months in 2016, it has emerged.
According to a report by F-Secure that details the attack, the first round of ‘spear-phishing’ emails was sent out in October 2015, with the sustained attack starting in April 2016. Although it is not being revealed whether any data was stolen or compromised, a source has told the BBC that the most sensitive information is not stored on the servers that were targeted.
F-Secure think that the attack could have links to a nation state, and while they don’t know if it was successful, they are certain of how the attempt to obtain information was made. The group of hackers refer to themselves as the Callisto Group and launched a ‘spear-phishing’ campaign in which people were sent emails with spurious links designed to get them to hand over their login details. Web addresses similar to those used by the FCO were created and included within the emails.
Although the Government would neither confirm nor deny the attacks, the nature of the attempts and the length of time they went on for are alarming. The National Cyber Security Centre (NCSC) said in a statement: ‘The first duty of government is to safeguard the nation and as the technical authority on cyber security, the NCSC is delivering ground-breaking innovations to make the UK the toughest online target in the world.
‘The government’s Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes,’ it further added.
Investigations by the BBC have, however, revealed a more chilling fact: the information those investigations have yielded could be linked to the Russian hacking of the US elections. IP addresses of the phishing domains match those of Grizzly Steppe. According to a US government report, Grizzly Steppe is the alias used by the US government to refer to the “Russian civilian and military intelligence services to compromise and exploit networks and endpoints associated with the US election”.
Although there is no hard evidence, only circumstantial evidence, F-Secure did notice similarities between the Callisto Group’s hacking and previous attacks that have been linked to Russia, although those targeting the FCO weren’t as ‘technically capable’ as APT28.
However, F-Secure don’t want to definitively associate the Callisto Group with a nation state, saying: ‘It is possible to come up with a number of plausible theories to explain the above findings. For example, a cyber crime group with ties to a nation state, such as acting on behalf of or for the benefit of a government agency, is one potential explanation. However, we do not believe it is possible to make any definitive assertions regarding the nature or affiliation of the Callisto Group based on the currently available information.’