Russian and Chinese hackers breached Foreign Office systems in cyber attack kept secret from public


Russian and Chinese hackers accessed the Foreign Office’s internal systems in a major security breach that was kept secret from the public, i can reveal.

The attacks allowed cyber attackers from Russia and China to access emails, internal messages, and Teams meetings revealing the day-to-day business of the government department.

i has learned that hackers from both countries compromised internet-connected servers belonging to the Foreign, Commonwealth and Development Office (FCDO) in 2021, although the breach did not give them access to classified information.

Insiders at GCHQ – the UK’s intelligence, security and cyber agency – and the FCDO told i the cyber hacks were enabled by a member of staff “probably accidentally” downloading malware hidden in an email.

Russian and Chinese state-linked actors would have been able to gain access to correspondence from ambassadors or diplomats positioned abroad which was not marked as classified, the insiders said.

Experts warned this may have put diplomats based in hostile environments at risk or potentially damaged relationships with important strategic allies by revealing private communications with other nations.

The Foreign, Commonwealth and Development Office buildings in London (Photo: Mike Kemp/Getty)

Speaking on condition of anonymity, sources at GCHQ and the FCDO said that perpetrators from both China and Russia had accessed the systems at the same time in separate attacks.

“At one point we believe both were on there,” a GCHQ insider told i. “It was very embarrassing and caused a great stir in government because they didn’t know whether they should admit it or not.

“It would have been an enormous amount of information. But none of it should have been classified, just daily business stuff.”

The revelations come days after the Government revealed a 14-month-long infiltration of the Electoral Commission’s IT system by hackers who gained access to the names and addresses of thousands of registered voters.

Cyber attackers were able to access the internal digital operations of the FCDO and see the daily business of the government department responsible for national security at a time of increased tensions with Russia and China.

The cyber hacks came during a time of increased tensions between the UK, China and Russia (Photo: Getty)

That year, the UK had been forced to assess the threat posed by both rogue nations. China had sanctioned UK entities including MPs critical of its human rights abuses in Xinjiang, while Russia was busy plotting its full-scale invasion of Ukraine, moving troops closer to the border in preparation for attack.

The Government ultimately did not admit to the hacks because they didn’t want the “embarrassment” that their systems had been accessed on such a scale, the GCHQ insider said.

A cyber security specialist, who worked at the FCDO at the time, also confirmed the hacks took place adding that it was “certainly sub-optimal”.

In February 2022, the Government inadvertently revealed that the FCDO had been the target of a “serious cyber security incident” after mistakenly publishing a tender contract requesting urgent support following an attack. Sources could not say with any certainty that this was linked to the hacks by Russia or China because incidents such as this were “quite frequent”.

A third source, a former intelligence officer at the Foreign Office, said incidents like this in “some form or another” were a “daily occurrence”.

“The issue with government departments is that they are culturally apathetic about security and particularly cyber security,” they told i. “The general feeling is that the intelligence [agencies] have got that [covered], so we don’t need to worry.”

Sources said they did not think the hacks were co-ordinated by Russia and China but rather an opportunistic approach by one actor after discovering a vulnerability had been exposed by another.

The GCHQ insider said: “Once an adversary is on a global network, if another adversary is looking at it and sees that the Russians are in, all you had to do was piggyback on the back of it to get in.”

It is understood the initial Foreign Office hack stemmed from a phishing email – a common form of hacking whereby a seemingly inconspicuous email is sent to an organisation or individual embedded with harmful malware.

“You may have the best patch system in the world, but if a user clicks on something which enables something else and you didn’t spot it, that can be the vulnerability,” the GCHQ insider said. “What tends to happen then, is that the next system is put in with more rigorous checks around users with massive training cycles.”

Tensions between the UK, Russia and China

During 2021, tensions were mounting between Russia and the West as Vladimir Putin built up forces on the border in preparation for Russia’s full-scale invasion of Ukraine. Russia was also implicated in cyber attacks on Poland, France and the US.

Meanwhile, a government review had labelled China as the “biggest state-based threat to the UK’s economic security”.  

Dominic Raab, who was in charge of the department through most of 2021 before he was replaced by Liz Truss in September of that year, said the UK would not stop addressing “industrial scale human rights abuses” in Xinjiang after China imposed sanctions on 10 UK organisations and individuals – including the former leader of the Conservative Party, Iain Duncan Smith. 

Geopolitical relations with both countries have since soured further after the launch of Russia’s war in Ukraine and China’s repeated intimidation of Taiwan. Both countries have also been implicated in espionage on British soil since the cyber hacks on the Foreign Office in 2021.  

In June, i revealed that an alleged FSB agent had travelled to the UK capital, using the government’s Homes For Ukraine scheme to bring his family with him. And in January, this paper also revealed how a hidden Chinese tracking device was identified in a government vehicle, further heightening national security fears.  

Rishi Sunak has faced repeated pressure to strengthen his stance on China, not least from his predecessor Ms Truss. During her tenure at Downing Street, she was seen as one of the firmest critics of China and her criticism did not falter after leaving office.  

Speaking in Taiwan earlier this year, she said Mr Sunak should deliver on language he used during last summer’s Conservative Party leadership contest when he described China as the “biggest long-term threat to Britain” – a stance he rowed back on after becoming Prime Minister. 

A number of foreign states, including Russia and China, have been accused of espionage campaigns by Western countries in the past, such as the SolarWinds campaign in 2020, one of the biggest cyber security breaches of the 21st century. Russia is alleged to have been behind the hack, in which thousands of organisations were targeted, including the US government.

Earlier this year the UK’s cyber security agency urged operators of critical national infrastructure, including energy and telecommunications networks, to prevent Chinese state-sponsored hackers from hiding on their systems. 

Paul Chichester, the National Cyber Security Centre’s director of operations, said: “It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems, as described in this joint advisory with our international partners. 

“We strongly encourage providers of UK essential services to follow our guidance to help detect this malicious activity and prevent persistent compromise.” 

The Foreign Office’s internal systems were hacked around the same time as the Electoral Commission, according to sources, leading to further questions around the vulnerability of official systems to cyber crime.

In line with its longstanding policy on security matters, the FCDO refused a request for comment.

The FCDO – the government department in charge of safeguarding the country’s national interests from foreign actors – hires around 17,300 staff in diplomatic and development offices worldwide, including in 280 embassies and high commissions abroad.

The cyber attacks by Russia and China occurred around the same time as the Electoral Commission hack, which was first identified in October 2022 around 14 months after “hostile actors” gained access to the names and addresses of thousands of registered voters.

The independent elections watchdog revealed on Tuesday that personal details belonging to millions of voters could have been accessed by “hostile actors” during a breach that began in August 2021 but was not identified until October the following year.

The hack allowed the attackers to access reference copies of electoral registers containing the names and addresses of people registered to vote between 2014 and 2022.

A history of major cyber attacks

This year marked the 20th anniversary of GCHQ’s first response to a state-sponsored cyber attack on the UK.

In June 2003, experts identified a suspected phishing email containing malware designed to steal sensitive data and evade anti-virus products on a government employee’s computer.

The UK was largely unaffected by serious hacks until the late 2010s. Here are some notable cases:  

Tesco Bank, 2016

Hackers exploited weaknesses in Tesco Bank’s online security to withdraw £2.5m from account holders. The bank was subsequently fined £16.4m by the UK financial regulator for failing to protect customers.

NHS WannaCry attack, 2017

The NHS was one of a number of organisations across the world affected by the WannaCry ransomware cryptoworm, which locked and then encrypted computer files. The hack disrupted more than 80 hospital trusts and 8 per cent of GP practices, leading to 19,000 appointments being cancelled across a week, costing the NHS millions of pounds.

British Airways, 2018

British Airways revealed a breach of its security systems in 2018 that caused the personal data of 420,000 staff and customers to be leaked. The Information Commissioner’s Office fined BA £20m for failing to protect its customers.

Travelex, 2019

Currency exchange firm Travelex was also the victim of a ransomware attack. Hackers locked Travelex out of its own files and halted currency transactions across the UK, demanding £5m in exchange for the return of 5GB of stolen personal data.

easyJet, 2020

Nine million easyJet customers were affected by a cyber attack in May 2020. The majority had their email address and travel itinerary stolen, while more than 2,000 had their credit card details accessed.

University of Manchester, 2023

A ransomware attack on the University of Manchester exposed NHS data on 1.1 million patients across 200 hospitals in June this year. The trove of records was gathered by the university for research purposes.
