Foreign Office ‘Targeted By Sustained Cyber-Attack’

gchq

The British government was the subject of a sophisticated phishing campaign for several months last year, researchers say

The Foreign Office was targeted by sophisticated hackers last year in a sustained attack that lasted for a period of several months, according to computer security researchers.

Beginning in April 2016 a hacking organisation called Callisto Group targeted Foreign Office staff with highly targeted email messages designed to trick them into handing over their email credentials, according to security firm F-Secure.

Phishing sites

The campaign involved building a number of convincing websites designed to closely resemble legitimate Foreign Office sites, incuding those used to access webmail, the firm told the BBC.

hacker

F-Secure said Callisto Group, publicly identified for the first time in a study published last week, targets individuals and organisations involved in foreign and security policy in Eastern Europe and the South Caucasus, including military personnel, government officials, think tanks and journalists.

The group has been active at least since October 2015, when it began sending phishing messages aimed at gaining access to the targets’ Gmail accounts, F-Secure said.

Once it had compromised a number of accounts, the group began using them early last year to send messages aimed at tricking targets into deploying an information-stealing malware tool.

The malware involved, called “Scout”, is part of the RCS Galileo platform developed by Hacking Team, an Italian company that provides digital surveillance tools to governments.

Surveillance malware

The platform was publicly leaked in July 2015 following a breach of Hacking Team’s systems, and Callisto Group used the software made available by that leak, F-Secure said.

The company wasn’t aware whether the attacks on the Foreign Office had been successful, but said they were comparable to the targeted phishing attacks Callisto Group carried out on other individuals and organisations.

The NCSC's headquarters in Victoria
The NCSC’s headquarters in Victoria

The BBC said an unnamed source told it the government had investigated the attack, and that the most sensitive Foreign Office information isn’t stored on the systems that were targeted.

The National Cyber Security Centre (NCSC) wouldn’t say whether data was stolen.

“The first duty of government is to safeguard the nation and as the technical authority on cyber security, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world,” the agency said. “The government’s Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes.”

Nation-state link

Callisto Group appears to have been acting on behalf of a nation state with an interest in Eastern Europe and the South Caucasus, but it isn’t known which country that might be, F-Secure said.

The company found that infrastructure associated with Callisto Group was linked to Russia, the Ukraine and China, amongst other countries, as well as to online shops selling controlled substances, suggesting ties to criminal actors.

The findings suggest the group may be a cyber crime group acting on behalf of a government agency, the security firm said.

Do you know all about security in 2017? Try our quiz!