Who are Star Blizzard? Shadowy Russian hacking unit accused of targeting government

The Kremlin hackers have been waging cyberwar on the UK since 2015.

Russian hackers linked to the Kremlin have been accused of carrying out cyberattacks on the UK (Picture: Getty)

A Russian spy agency has been accused of carrying out a series of high-profile cyberattacks and meddling in British political affairs.

The Foreign Office claimed Moscow’s intelligence agency, the FSB, has been orchestrating a massive hacking campaign in the UK since at least 2015, targeting the personal email accounts of MPs, journalists, and civil servants and stealing their private information.

Universities, public sector organisations and international charities were also targeted by the FSB’s Centre 18, also known in intelligence circles as Iron Frontier and Star Blizzard.

Star Blizzard are said to be responsible for a significant number of Russian cyberattacks, and their involvement usually comes with direct authorisation from the Kremlin.

The Foreign Office say a massive hacking operation has been underway since at least 2015 (Picture: Shutterstock)

Members of the group were previously indicted for hacking millions of Yahoo email addresses in 2017, and they have also been accused of meddling in the 2019 general election.

Ukrainian intelligence also found the group maintains a significant presence in Russian-occupied Crimea.

Former MI6 Chief Sir Richard Dearlove is also believed to have been targeted.

‘We are in a state of grey warfare with the Russians short of open aggression and conflict,’ Sir Richard said.

‘They will do anything to undermine critical infrastructure, national security and attack any of our institutions that are not pro-Russia.’

The group tends to target its victims with a series of sophisticated phishing attacks on personal, rather than professional, email addresses, often by setting up false accounts, impersonating contacts to ‘appear legitimate’ and building a rapport with their targets.

Once trust has been established, they then send their target a link to a malicious document or website containing malware, which harvests their private data.

The Star Blizzard group are thought to have direct authorisation from the Kremlin itself (Picture: Getty Images)

Using these methods, Star Blizzard ‘selectively leaked and amplified the release of sensitive information in the service of Russia’s goals of confrontation’, the government said.

Cybersecurity expert Rafah Pilling described their operations as ‘bread and butter spy work’.

‘Spies go where the information is – and people’s mailboxes are where a significant chunk of this is,’ he told Sky.

‘It’s quite traditional espionage.’

Deputy Prime Minister Oliver Dowden said 40% of attacks had been against the public sector, which included a ‘complex’ operation against the Electoral Commission.

Speaking earlier this year, Mr Dowden said these Russian-aligned groups now have a motive to ‘disrupt or destroy’ UK infrastructure.

He added they are ‘ideologically motivated, rather than financially motivated’, which makes them ‘particularly concerning’.

Deputy Prime Minister Oliver Dowden says the attacks are ‘ideologically motivated’ (Picture: Shutterstock)

But the government has insisted Russia’s efforts have not been successful.

Two members of the group have been named by the government: Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets.

Within hours of them being named by the Foreign Office, Washington announced the same two men had been previously charged with attempting to hack the accounts of multiple US government agencies and their allies around the world.

Both men are still at large and believed to be in Russia. They have been charged with one count of conspiracy to commit computer fraud and one count of conspiracy to commit wire fraud. Both also face financial sanctions in the US and UK.

In January, the Royal Mail was targeted by a cyberattack from Russian hacking group LockBit, who attempted to extort the postal service with a ransomware attack.

A similar group was also believed to have been plotting an attack on this year’s Eurovision final in Liverpool, having previously attempted to hack last year’s semi-final.

In August, it was revealed that hackers from Russia and China had managed to infiltrate the Foreign Office in 2021 after targeting a government employee with one of their phishing scams.

Sources from GCHQ and the Foreign Office said Russian and Chinese hackers accessed the systems at the same time in separate attacks.

‘At one point we believe both were on there,’ a GCHQ insider revealed at the time.

In June, a range of British companies including Boots, British Airways and the BBC were also confirmed to have been victims of a cyberattack from a Russian hacking group named Clop.

Russia has also been accused of interfering in the Brexit referendum and the US presidential election in 2016, and it is assumed the Kremlin will seek to influence both countries’ elections in 2024.
