scaliger - stock.adobe.com
UK and EU impose sanctions on hacking groups linked to Kremlin
Hackers linked to Russian intelligence behind attack on Poland’s energy infrastructure, theft of credentials and using vulnerable routers to attack critical national infrastructure
The UK and the European Union have issued sanctions against individuals and organisations linked to Russian-backed cyber attacks.
In their first joint cyber-sanctions package, the UK and Europe has targeted 24 individuals and entities linked to the Russian Intelligence Services for conducting malicious cyber and information campaigns.
The move came as the UK and the EU named a unit in Russia’s domestic intelligence service, Federal Security Service (FSB) Centre 16, as the perpetrator of a cyber attack on Poland’s energy grid infrastructure in December last year, which placed the power supply of 500,000 citizens at risk during winter.
The UK and 12 other countries have separately urged businesses to take steps to secure outdated routers, following warnings that Centre 16 has been using vulnerabilities to attack critical national infrastructure worldwide.
The UK’s Foreign, Commonwealth & Development Office said today that Russian Intelligence Service agencies have tasked cyber criminals to collect intelligence to support Russia’s military and foreign policy objectives, including supporting Russia’s war against Ukraine.
The sanctions named senior leaders in Russia’s foreign intelligence service the GRU – including Vyacheslav Stafeyev, Ivan Senin and Ivan Kasyanenko – for their role in directing GRU cyber and hybrid threat operations.
According to Western intelligence agencies, GRU Unit 29155 cyber division worked with cyber criminals, including the company Impuls to recruit hackers and cyber specialists from universities and academies across Russia.
Russia used Lumma Stealer for cyber espionage
The UK is also sanctioning individuals behind Lumma Stealer malware as a service, which was targeted by technology companies and law enforcement in a disruption operation last year.
The UK said today that Russia has used Lumma Stealer’s stolen credentials to conduct cyber espionage operations against targets across the world.
According to the National Crime Agency (NCA), there have been at least 2,100 Lumma Stealer victims in the UK in the past six months.
Company spread ‘false narratives’ about Ukraine
The UK is also sanctioning 10 individuals linked to Rybar LLC, including directors, senior management and content designers. The company is accused of spreading false narratives about Ukraine and interfering in European elections, including in Moldova and Armenia.
Foreign secretary Yvette Cooper said: “These sanctions strike at the core of the cyber criminal networks propping up the Russian state’s aggression, and the UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups.
“To date ,the UK has sanctioned over 3,400 targets behind Russia’s war effort, and will continue to work alongside our allies to bear down on those carrying out hostile activity on behalf of the Kremlin, spreading dangerous lies and undermining democratic values,” she added.
Russian intelligence services targeting router vulnerability
The National Cyber Security Centre, part of GCHQ also warned today that FSB Centre 16 cyber actors, are exploiting vulnerable routers and opportunistically targeting networks belonging to critical national infrastructure (CNI) globally.
It has urged sectors most at risk – including communications, defence, energy, financial services, government and healthcare – to take action to secure their networks, according to an advisory issued by 18 agencies from 12 countries.
Centre 16 – also known as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra – has been seen hunting vulnerable routers by scanning the internet for devices that still use default or weak simple network management protocol (SNMP) passwords and community strings.
The group has also exploited well-known vulnerabilities relating to Cisco devices, Cisco’s Smart Install (SMI) feature and web-portal flaws to gain control of network devices.
The NCSC signed the advisory with Australia, Canada, Czech Republic, Denmark, Estonia, Finland, France, Italy, New Zealand, Poland, Sweden and the United States.
Jonathon Ellison, NCSC director of national resilience, said that the UK and international partners had repeatedly exposed the advanced tools and coordinate campaigns used by Russian cyber actors, and urged organisations to take immediate action to protect their networks
“Today’s joint advisory provides decisive, actionable directions from the global security community that network defenders should implement to protect against Russian Intelligence operations and secure the UK’s critical infrastructure,” he said.
Read more about nation-state cyber threats
- AI-powered cyber attacks may be just months away, warn Five Eyes: Frontier AI models will pose a greater cyber security risk to governments and businesses than previously thought, putting them at risk within months.
- UK to build ‘national cyber shield’ to protect against AI cyber threats: Security minister Dan Jarvis calls for artificial intelligence companies to work with government to develop AI-driven cyber defences.
- Nation-states responsible for ‘nationally significant’ cyber attacks against UK, says NCSC chief: The UK is facing four nationally significant cyber attacks a week, the majority from hostile states, the NCSC chief will warn at the CyberUK conference.
