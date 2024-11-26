The UK government has warned that cyber threat actors operating on behalf of the Russian regime have already orchestrated cyber attacks against UK media, telecoms, political and democratic institutions, and critical national infrastructure (CNI), and are poised to conduct even more devastating attacks.

Speaking at the Nato Cyber Defence Conference in London, Pat McFadden, chancellor of the Duchy of Lancaster, said: “With a cyber attack, Russia can turn off the lights for millions of people. It can shut down power grids.

“That is the hidden war Russia is waging in Ukraine, and in the last year, both the Russian military and its unofficial army of cyber criminals and hacktivists have not just stepped up their attacks, but widened their targets to a number of Nato members and partners. The aim is to gain a strategic advantage, to degrade the states that support Ukraine,” he said.

McFadden also called out Moscow’s use of cyber criminal gangs and mercenary hacktivist operations that are not directly controlled by the Kremlin but are allowed to act with impunity as long as they don’t act against Russia’s interests.

He revealed that such gangs had targeted the South Korean state in response to its monitoring of Russia’s deployment of North Korean troops to the Kursk region of Ukraine.

“Russian state-aligned groups have taken responsibility for at least nine separate cyber attacks of varying severity against Nato states, including unprovoked attacks against our critical national infrastructure,” said McFadden.

“The activity of these groups isn’t something new, or something that has just been happening in recent months. They are unpredictable; they act with disregard for the potential geopolitical consequences and, with just one miscalculation, could wreak havoc.

“The UK and others in this room are watching Russia. We know exactly what they are doing, and we are countering their attacks both publicly and behind the scenes. We know from history that appeasing dictators engaged in aggression against their neighbours only encourages them. Britain learned long ago the importance of standing strong in the face of such actions.”

Unhelpful language Jamie MacColl, cyber research fellow at the Royal United Services Institute (RUSI) think tank, said McFadden’s speech represented a rhetorical escalation in how Westminster approaches cyber operations, and at times veered into the kind of hyperbole that has not been seen from a sitting government minister “since [former Conservative minister] Gavin Williamson said that a cyber attack could kill thousands”. The suggestion that Russia ‘can turn the lights off for millions’ is not grounded in reality ... This kind of language does Russia’s job for it, given Russian intelligence wants to create panic and weaken societal resilience through cyber operations Jamie MacColl, Royal United Services Institute “[It] is likely intended to signal the seriousness of the Russian cyber threat to Nato partners, as well as UK critical national infrastructure providers and businesses that need to harden their cyber defences…. This speech is likely intended to galvanise action within the alliance, particularly among allies who may be less inclined to take the Russian threat seriously,” MacColl told Computer Weekly via email. However, he continued, McFadden risked veering into outright hyperbole which was not necessarily helpful. “The suggestion that Russia ‘can turn the lights off for millions’ is not grounded in reality and likely reflects a misunderstanding of the kind of effects that offensive cyber operations can achieve,” he said. “This kind of language also does Russia’s job for it, given Russian intelligence wants to create panic and weaken societal resilience through cyber operations. “Resisting Russian cyber attacks requires psychological as well as cyber resilience, and this rests on clear and calm rhetoric and guidance from the government. The new Labour government is on a learning curve with cyber security after 14 years out of office – it needs to make sure it has political advisers and speechwriters that understand the reality of cyber operations and cyber security,” McFadden added. James Sullivan, who directs RUSI’s Cyber Research work, added that talk of doomsday scenarios such as a nationwide power cut in the deep midwinter risked damaging public trust in public services. He called on the new government to reconnect with the public about why cyber security really matters, saying that disaster movie scenarios missed the more nuanced reality that cyber incidents cause much more “gradual and insidious” harm. Read more about Russian APT activity in 2024 The NCSC and counterpart agencies from the US and other countries have exposed a long-running campaign of Russian cyber espionage and warfare conducted by GRU Unit 29155.

The European Union, alongside member states Czechia and Germany, have accused Russian government APT Fancy Bear of being behind a series of attacks on political parties and government bodies.

Mandiant has formally attributed a long-running campaign of cyber attacks by a Russian state actor known as Sandworm to a newly designated advanced persistent threat group to be called APT44.