Callisto Group hackers targeted Foreign Office data in phishing scam, cybersecurity firm says

Caroline Mortimer
The National Cyber Security Centre refused to say whether any Foreign Office data was compromised: Adrian Pingstone

The UK Foreign Office was targeted by a group of determined and well-funded hackers over several months last year.

Research published by cybersecurity firm F-Secure suggested the attack was a “spear-phishing” campaign in which people are sent targeted emails with a link to a false login page to trick users into giving up their username and password.

The hackers created websites that looked like legitimate Foreign Office websites, including those for accessing an internal email account online.

The scam is believed to have been perpetrated by hackers who call themselves the Callisto Group.

F-Secure said it did not know whether the attack was successful and the National Cyber Security Centre did not say whether data had been stolen.

A spokesman told The Independent: “The first duty of Government is to safeguard the nation and as the technical authority on cyber security, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world”.

He said it was trialling a new government-wide, Active Cyber Defence (ACD) programme to block phishing emails like this before they reach civil service inboxes.

F-Secure told the BBC the attack was part of a wider attempt by the Callisto Group to attack several targets, primarily in Eastern Europe, including “military personnel, government officials, think tanks and journalists”.

It added that there was some evidence the hackers were linked to a nation state but did not specify which one.

The company observed that some of the Callisto Group’s infrastructure had links to “entities” in China, Russia and Ukraine.

It follows the revelation that there was an attempt to disrupt the UK general election by Russian-backed hackers posing as Isis militants.

GCHQ uncovered a plot to target every Whitehall server and force every major TV broadcaster, including the BBC, Sky News and Channel 4, off the air on the day of the election.

It was discovered after the spy agency analysed a successful attack on the French broadcaster TV5Monde in 2015.

The group forced the channel’s scheduled programming off air for 18 hours and replaced them with a screen showing the terror group’s flag.

The inference with the UK’s government follows on from an ongoing probe into the Kremlin’s influence on the US elections last year.

Hacking groups such as DC Leaks, Fancy Bears and Guccifer 2.0 who were responsible for the leaking of damaging information about the Democrat party.

The most significant attack, the leaking of thousands of private emails between senior members of the DNC to Wikileaks by Fancy Bears, lead to the resignation of DNC Chair Debbie Wasserman-Schultz.