UK accuses Russia of yearslong cyberespionage campaign

The British government on Thursday, 7 December accused Russia's Federal Security Service (FSB) of waging a sustained cyberespionage campaign against senior politicians, civil servants, journalists and nongovernmental organizations.

"Russia's attempts to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes," Foreign Secretary David Cameron said in a statement.

"In sanctioning those responsible and summoning the Russian ambassador today, we are exposing their malign attempts at influence and shining a light on yet another example of how Russia chooses to operate on the global stage," he said.

According to the Foreign Office, two Russian agents have been sanctioned for their alleged involvement in preparing so-called spear-phishing campaigns and "activity intended to undermine the UK."

Whom did the FSB target in the UK?

The British government claimed that a hacking group called Cold River, working on behalf of the FSB, targeted British politicians, journalists, and nonprofit groups from at least 2015 to 2023, with some attacks resulting in the leak of documents.

Foreign Office minister Leo Docherty told lawmakers that a cybergroup created false identities to impersonate legitimate contacts and compromise email accounts in the public sector.

"The targeting of this group is not limited to politicians but public-facing figures and institutions of all types. We have seen impersonation and attempts to compromise email accounts in the public sector, universities, media, NGOs and wider civil society," Docherty said.

Authorities said the group was responsible for the 2018 hacking of the Institute for Statecraft, a UK think tank that worked on defending democracy against disinformation and the leaking of US-UK trade documents ahead of the 2019 British general election.

What is the Cold River group?

The Cold River group, which is also known as "Callisto" or "Star Blizzard," first appeared on intelligence professionals' radar after it targeted Britain's Foreign Office in 2016. It was also behind the leak of private emails belonging to former British spymaster Richard Dearlove in 2022.

Cold River sits within the FSB's "Center 18," one of two known cyber-espionage units at the intelligence agency, according to cybersecurity experts.

A Western official, speaking to Reuters news agency on condition of anonymity, said the group was still very active and was part of Moscow's "Active Measures," intelligence-gathering ecosystem. It is a Cold War-era term used by the Soviet Union to describe covert political disinformation campaigns.