Russian Hackers Put UK Government and NHS Logins Up for Sale on Dark Web – SOFX | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Russian-linked hackers have stolen login credentials from British local government officials, overseas Foreign Office staff, and critical infrastructure networks through a massive campaign known as FortiBleed, with the stolen data being sold on dark web forums, The Telegraph reported July 5.

The first is formally attributed to Russia’s military intelligence directorate (GRU). The National Cyber Security Centre (NCSC), part of GCHQ, assessed in April that APT28, also known as Fancy Bear and linked to GRU Unit 26165, hijacked Domain Name System (DNS) settings on MikroTik and TP-Link routers to funnel victims’ traffic through Kremlin-controlled servers, harvesting credentials that defeat two-factor authentication.

Lumen’s Black Lotus Labs identified at least 18,000 victims across 120 countries. The FBI’s Operation Masquerade disrupted the network on American soil.

The second operation, known as FortiBleed, has been linked to Russian-speaking threat actors but lacks formal state attribution. Security firm SOCRadar confirmed 86,644 credentials were harvested from Fortinet FortiGate firewalls and VPN gateways across 194 countries through widespread brute-force and credential-stuffing attacks.

The Telegraph reported that compromised accounts include Foreign Office IT staff at embassies in Thailand and Mauritius, local council employees in Derbyshire and Waltham Forest, and login details for NHS systems, energy suppliers, and medicine distributors, all available for purchase on dark web forums. The government has not disclosed which departments were affected.

The NCSC said in June that 75% of cyberattacks on British critical national infrastructure over the past year came from hostile state actors including Russia.

Labour MP Graeme Downie of Dunfermline and Dollar told The UK Defence Journal that Russian attacks now span every domain. “We’ve now had Russian attacks on the UK on land, through poisonings of British citizens and arson attacks on the Prime Minister’s car, in the air through drone incursions, at sea via threats to sub sea cables and now another cyber attack,” Downie said.



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW