Britain, US sanction Russian hackers over years-long FSB cyberespionage campaign

By James Pearson, Christopher Bing and Raphael Satter

LONDON/WASHINGTON (Reuters) -The British and U.S. governments imposed sanctions on two Russian hackers on Thursday for what Britain's foreign office said was a sustained but failed attempt to interfere in politics by Russian cyber spies.

A hacking group cybersecurity researchers dubbed "Cold River", working on behalf of Russia's Federal Security Service (FSB), targeted British politicians, journalists and non-profit groups over a period of several years, the foreign office said in a statement, which added that Britain had summoned the Russian ambassador over the issue.

In January this year, Reuters exclusively reported that Cold River had targeted three nuclear research laboratories in the United States. In a telephone briefing on Thursday, a senior U.S. official confirmed that Cold River had successfully hacked a Department of Energy employee.

Moscow said there was no evidence for allegations of the digital spying campaign, Russian agencies reported later on Thursday. Russia's foreign ministry has previously dismissed Reuters reporting on Cold River as anti-Russian propaganda.

The group, which is also known as "Callisto" or "Star Blizzard", first appeared on the radar of intelligence professionals after it targeted Britain's foreign office in 2016. It was also behind the leak of private emails belonging to former British spymaster Richard Dearlove in 2022.

The Reuters report from January, which drew upon internet records and research from five cybersecurity experts, revealed that much of the digital infrastructure used by Cold River was set up by a 36-year-old IT worker named Andrey Korinets, in the northern Russian city of Syktyvkar.

Reached by phone on Thursday, Korinets, one of the two sanctioned FSB hackers, told Reuters he was unaware of any measures against him, or why such sanctions would have been initiated.

Cold River sits within the FSB's "Centre 18", one of two known cyber espionage units at the intelligence agency, Britain's foreign office and the U.S. justice department said.

Centre 18 is "supposed to be the FBI's counterpart in fighting cybercrime," the senior U.S. official said. And yet, "you have a law enforcement agency using cyber offensive operations and leveraging a cybercriminal to aid in those efforts."

The U.S. treasury said Korinets conspired with FSB officer Ruslan Peretyatko, who was also sanctioned, to break into victims' computer systems and in one case impersonate a retired U.S. Air Force general in a bid to trick the targets into clicking on malicious links.

Korinets declined to answer further questions and telephone calls from Reuters. Calls to Peretyatko went unanswered.

CYBER CENTRE 18

A Western government official, speaking on condition of anonymity, said Cold River was still very active, and was part of Moscow's "Active Measures", intelligence-gathering ecosystem - a Cold War era term used by the Soviet Union to describe covert political disinformation campaigns.

The group targets the personal email inboxes of high profile victims, Reuters found, including at least three former British intelligence officials.

"Because of the UK’s support for Ukraine we are in a state of ‘grey warfare’ with Russia; and the Russians will use every means at their disposal to attack British interests short of open conflict," Richard Dearlove, the former head of Britain's Secret Intelligence Service, or MI6, told Reuters.

Many of Cold River's targets were vocally critical of Russia and its war in Ukraine.

Stewart McDonald, a British lawmaker who has publicly supported Kyiv and for years spoken out against Russian interference, said in February that the group hacked his private emails

"Russia's military intelligence service, the GRU, has received the lionshare of the attention when it comes to election related activity, which is only natural given their history of serious incidents in the United States and France, but this actor is one to watch closely as elections near," said John Hultquist, who heads threat analysis at Google's Mandiant Intelligence.

The foreign office on Thursday said it was Cold River that leaked classified British-U.S. trade documents in the run up to the 2019 British election.

"The FSB clearly has an interest in political interference, and hacked emails are a powerful tool," Hultquist said.

(Reporting by James Pearson in London and Raphael Satter and Christopher Bing in Washington;Additional reporting by Polina Nikolskaya and Anton Zverev in London;Editing by Alison Williams and Josie Kao)