State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns

Dan Sabbagh

25 January 2023 at 7:01 pm·3-min read

Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday.

The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.

Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other Nato countries. They aim to steal secrets – or leak correspondence online to embarrass high-profile figures – but not to extort money.

Paul Chichester, NCSC’s operations director, said the “threat actors based in Russia and Iran” from the two separate groups “continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems”.

The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

In one case, the Iranian group, dubbed Charming Kitten, held a fake zoom meeting with their target, and shared the malicious link “in the chat bar during the phone call”, the NCSC said. Sometimes two or more fake personas are used in a carefully crafted effort to convince a person their inquiries or business is legitimate.

Last year, the Russian Group known as Seaborgium or Cold River was accused by Google of hacking into and leaking correspondence involving the former director of MI6 Richard Dearlove and other hard Brexiters seeking to block Theresa May’s Chequers EU exit deal.

This year, the same group was accused of targeting three nuclear research laboratories in the US, creating fake login pages for each institution and emailing scientists who worked there to try to make them reveal their passwords. It is not clear if any of the efforts were successful.

Ultimately, and ideally having built a rapport, the hackers will try to lure a person to click on a link that takes them to a webpage where they will be asked to enter their password details. At this point, their email is compromised using a technique known as “spear phishing”.

Although the method is one of the oldest hacking techniques, what distinguishes the two groups is the effort made to fool their targets, including creating “fake social media or networking profiles that impersonate respected experts” and offering invites to nonexistent conferences supposedly relevant to their targets.

Once they have control of an account, the hackers sometimes use it to lure in others, because victims will have greater confidence if emails they send are genuine. Hackers also set up secret “mail-forwarding rules” in an effort to regain access to an email account even when the hack is detected and passwords reset.

Both groups are believed to be state directed, engaged in what are described as “cyber espionage” activities – but the British agency has not formally blamed the Russian or Iranian governments. When such attributions are made, they are done so by the foreign secretary or other Foreign Office ministers.

NCSC encourages people to use strong email passwords. One technique is to use three random words, and not replicate it as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.

The cyber agency also advises people exercise particular caution when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.

Wales Online
Drivers 'mind blown' after realising their car handle has 'secret' function
Many people have been left impressed after finding out about the 'little known' function they never knew existed
13 hours ago
Sky News
Warwick Davis's wife Samantha dies aged 53
Samantha Davis, the wife of Star Wars and Harry Potter actor Warwick Davis and herself an actress, has died aged 53. Samantha co-founded the dwarfism charity Little People UK and featured in the final Harry Potter film, alongside Warwick. Warwick announced the news in a statement to the BBC, revealing she had died on 24 March.
a day ago
OK! Magazine
Prince William's heartbreaking 2-word promise to Kate Middleton as she continues recovery
The Prince of Wales has made his first public appearance since his wife, the Princess of Wales, announced she was battling cancer last month, and made a sweet promise to a Royal fan
12 hours ago
Manchester Evening News
This Morning's Ben Shephard responds as Jon Bon Jovi 'walks off show' after awkward moment
The rock legend appeared live on the show with Ben and Cat Deeley to celebrate and reflect on his 40-year career with his band
2 days ago
Chronicle Live
Barclays issues warning to anyone with £14,000 in their bank account
The bank has issued a warning to its customers, with the 21 to 40 age group making up nearly half of all reported cases
2 days ago
The Telegraph
Ukraine’s frontline is collapsing – and Britain may soon be at war
While Western eyes are fixed on Tehran and Tel Aviv, Ukraine’s frontlines are showing clear signs of crumbling. There is a very real possibility they could crumble this summer if we do not throw the kitchen sink at Russia. Even if we do, it may already be too late for the weapons and munitions long promised by the West to save the day.
17 hours ago
Daily Record
Woman refused to move bag off train seat for 'demanding' man - and people think she's right
Leaving bags on train seats is usually a no-no, but people have praised one woman for her actions.
2 days ago
Daily Record
Prince Harry and Meghan Markle 'in difficult position' over King Charles' Balmoral invite
King Charles is said to have extended an olive branch to his youngest son and his wife by 'hinting' they should visit Balmoral this summer - but it could put the couple in a 'difficult position'.
18 hours ago
Hello!
Victoria Beckham's rarely-seen sister shares incredible photo alongside Spice Girl - and they could be twins
Victoria Beckham marked her 50th birthday on Wednesday and her rarely-seen sister shared a fabulous photo of her Spice Girl sister. See photo.
23 hours ago
Birmingham Live
Prince Harry stuns fans with reaction to Meghan Markle kissing polo teammate
Meghan Markle was on hand to congratulate her husband Prince Harry and his Royal Salute Sentebale team after they won the Royal Salute Polo Cup in Wellington, Florida
2 days ago
Hello!
BBC Breakfast star Carol Kirkwood absent from show following health update
BBC Breakfast star Carol Kirkwood has been missing from the show this week. The weather presenter's absence comes after she shared an update on her health last week…
19 hours ago
Devon Live
Helen Skelton fans issue complaint minutes into her TV return
Springtime On The Farm returned to Channel 5 with Helen Skelton and Jules Hudson but fans had the same complaint for the show and the former Blue Peter presenter
17 hours ago
Teesside Live
Aldi issues urgent food recall over item with 'active police investigation'
The supermarket is urging customers to return the product for a full refund
2 days ago
Manchester Evening News
BBC Strictly Come Dancing's Giovanni Pernice supported by fans as he confirms break
The dancer confirmed the news to fans ahead of the BBC One dance contest returning later this year
20 hours ago
Chronicle Live
Vera ITV viewers lose it as star killed off in 'unbelievable' scenes in hit drama
There was a treat for Vera fans earlier this week when ITV aired the first ever episode of the much loved drama
2 days ago
Hello!
The antiquated rule Lady Louise Windsor has to follow with her brother James, Earl of Wessex
The Duke and Duchess of Edinburgh's daughter Lady Louise Windsor has to follow a very antiquated rule with regards to her younger brother James, Earl of Wessex
18 hours ago
The Telegraph
Europe is revolting against the tyranny of electric cars
The rest of Europe, Remainers like to tell us, is forging ahead into a glorious green future while Brexit Britain is stalling, the government backsliding one by one on its net zero commitments.
14 hours ago
Daily Record
Meghan Markle fears Archie and Lilibet will grow up resenting her for being 'deprived' of one thing
Meghan Markle is said to be missing "some aspects" of life in the UK and is worried that her children may grow up to "blame her" if they are "deprived" of the chance to be working royals in the UK.
a day ago
The Independent
Woman arrested for wheeling corpse into bank to co-sign a loan
The woman appeared to be propping up the dead man’s head in a video of the incident
a day ago
Daily Record
ITV This Morning guest stunned as she learns real value of £10 charity shop bargain
This Morning guest Catherine was left stunned as she learnt the real value of her £10 charity shop bargain during the latest episode of the ITV chat show.
15 hours ago

Latest stories