An international hacking group targeted the Foreign Office in a campaign lasting several months, cyber security experts have revealed.
The Callisto Group are “highly motivated and well resourced” and thought to be involved in intelligence gathering about foreign and security policy.
Cyber security firm F-Secure claimed the group’s infrastructure has links with Russia, China and Ukraine, but did not offer any definitive conclusions about who was behind Callisto.
The Foreign Office (FCO) was one of the organisations targeted by Callisto in 2016, with other targets including military personnel, government officials, think tanks and journalists in Eastern Europe and the South Caucasus.
Erka Koivunen, chief information security officer at F-Secure, said: “We do not have enough data to determine what exactly the Callisto Group were doing with the FCO, or whether any activity concerning them was successfully executed.
“However, we do have indicators that the FCO were targeted by the Callisto Group.”
The Government faces tens of thousands of cyber attacks every month and is aware of several established, capable state and state-sponsored groups seeking to penetrate UK networks.
The “active cyber defence” (ACD) programme developed by the Government is aimed at blocking attacks before they reach their intended recipient.
In a report on Callisto’s activities, F-Secure said that in October 2015 the group used “phishing” techniques – sending emails that purported to come from Google and suggested that the recipients’ Gmail accounts were about to be closed – to harvest security credentials.
In early 2016 “spear phishing” emails with malicious attachments – appearing to be from people known to the recipient – were sent in “highly targeted” attacks aimed at government officials, military targets, think tanks and journalists.
The malware contained in the attacks would have enabled Callisto to gather basic information and screenshots – but also install further software which could have given the group full remote access to the machine and its data.
“While the targeting would suggest that the main benefactor of the Callisto Group’s activity is a nation state with specific interest in the Eastern Europe and South Caucasus regions, the link to infrastructure used for the sale of controlled substances hints at the involvement of a criminal element,” the report said.
One potential explanation was that Callisto is “a cyber crime group with ties to a nation state, such as acting on behalf of or for the benefit of a government agency” but it was not possible to make any “definitive assertions”, F-Secure concluded.
A National Cyber Security Centre spokesman said: “The first duty of Government is to safeguard the nation and, as the technical authority on cyber security, the NCSC is delivering ground-breaking innovations to make the UK the toughest online target in the world.
“Emails are the main path for most attacks and usually rely on an abuse of trust by spoofing well-known brands. The Government’s ACD programme is developing services to block, prevent and neutralise attacks before they reach inboxes.
“These measures are being trialled on government systems to prove effectiveness before we ask industry to implement them.”