Foreign Office ‘Targeted By Sustained Cyber-Attack’

The Foreign Office was targeted by sophisticated hackers last year in a sustained attack that lasted several months, according to computer security researchers.

Beginning in April 2016, a hacking organisation called Callisto Group sent Foreign Office staff highly targeted email messages designed to trick them into handing over their email credentials, according to security firm F-Secure.

Phishing sites

The campaign involved building a number of convincing websites designed to closely resemble legitimate Foreign Office sites, including those used to access webmail, the firm told the BBC.

F-Secure said Callisto Group, publicly identified for the first time in a study published last week, targets individuals and organisations involved in foreign and security policy in Eastern Europe and the South Caucasus, including military personnel, government officials, think tanks and journalists.

The group has been active at least since October 2015, when it began sending phishing messages aimed at gaining access to the targets’ Gmail accounts, F-Secure said.

Once it had compromised a number of accounts, the group began using them early last year to send messages aimed at tricking targets into deploying an information-stealing malware tool.

The malware involved, called “Scout”, is part of the RCS Galileo platform developed by Hacking Team, an Italian company that provides digital surveillance tools to governments.

Surveillance malware

The platform was publicly leaked in July 2015 following a breach of Hacking Team’s systems, and Callisto Group used the software made available by that leak, F-Secure said.

The company wasn’t aware whether the attacks on the Foreign Office had been successful, but said they were comparable to the targeted phishing attacks Callisto Group carried out on other individuals and organisations.

The BBC said an unnamed source told it the government had investigated the attack, and that the most sensitive Foreign Office information isn’t stored on the systems that were targeted.

The National Cyber Security Centre (NCSC) wouldn’t say whether data was stolen.

“The first duty of government is to safeguard the nation and as the technical authority on cyber security, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world,” the agency said. “The government’s Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes.”

Nation-state link

Callisto Group appears to have been acting on behalf of a nation state with an interest in Eastern Europe and the South Caucasus, but it isn’t known which country that might be, F-Secure said.

The company found that infrastructure associated with Callisto Group was linked to Russia, the Ukraine and China, amongst other countries, as well as to online shops selling controlled substances, suggesting ties to criminal actors.

The findings suggest the group may be a cyber crime group acting on behalf of a government agency, the security firm said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
