header logo
Asia asset finance
Mogo Academy
Science & Tech
Russian hackers steal UK government logins
Russian hackers steal UK government logins
Mobitel Inner

Russian hackers have infiltrated the email accounts of UK government officials and overseas Foreign Office staff in a major national security breach.

 

In the sophisticated and ongoing attack – nicknamed FortiBleed by researchers – hackers stole login credentials belonging to government staff, granting unauthorised access to sensitive systems and threatening further infiltration across Whitehall departments.

 

The breach compromised more than 80,000 firewalls provided by Fortinet, a cyber security company.

 

Exploiting a vulnerability in the systems, the attackers used previously stolen data to bypass security perimeters designed to protect some of the UK’s most critical national infrastructure.

 

A list of breached accounts seen by The Telegraph reveals that credentials for overseas Foreign Office staff and local government officials across the UK have been exposed.

 

The breach included emails and coinciding passwords, allowing hackers – and anyone willing to pay them – the potential ability to infiltrate sensitive Whitehall systems. Dark web forums are trading access to the logins for as much as $60,000 (£44,000).

 

Breached accounts include those belonging to IT staff at British embassies in Thailand and Mauritius, as well as staff in Derbyshire and Waltham Forest, east London.

 

Breach could trigger ‘catastrophic’ NHS incident

 

Among the credentials up for sale are login details for a range of institutions providing critical services and national infrastructure, including the NHS, energy providers and key suppliers of medicines across the country.

 

Dr Saif Abed, a former NHS doctor who is now a cyber security expert, warned that the breach could trigger a “catastrophic” incident affecting patient safety.

 

 

“NHS organisations, pharmacies, labs, and their suppliers are highly dependent on products like those compromised by FortiBleed,” he said. “This is exactly the type of hack that’s the first step for launching catastrophic ransomware attacks that can threaten patient safety across the country.”

 

Healthcare suppliers are critical targets for hostile actors because attacks on their IT systems can quickly affect the daily functioning of hospitals.

 

In June 2024, cyber attackers, believed to be Russian-backed hacked IT systems run by pathology service company Synnovis, leading to the cancellation of more than 1,000 operations and 2,000 appointments.

 

Alert confirms ‘brute force’ attack

The latest attack, first identified by Volodymyr Diachenko, a cyber security researcher, remains active. Hackers are reportedly using valid credentials from previous leaks to turn compromised devices into collection hubs for further data harvesting.

 

Mr Diachenko said the breach provided access to “core networks” within the Foreign Office and could see other government departments becoming affected.

 

The underlying code for the hack, analysed by The Telegraph, is written in Russian.

 

An operator using the handle “SantaAd” is currently offering access to the stolen credentials on dark web forums. A suspected Telegram account for the hacker did not respond to requests for comment.

 

The National Cyber Security Centre (NCSC) has issued an urgent alert confirming a “brute force” attack on Fortinet systems. Organisations have been instructed to audit their networks and immediately isolate any breached devices.

 

No evidence of state involvement

There is no evidence of state involvement in the breach. However, hackers working from Russia are seen as a useful tool of global disruption to whom the Kremlin is happy to turn a blind eye.

 

In May 2024, the director of GCHQ, the UK’s communications intelligence agency, warned that Russia was increasingly looking to direct hackers towards attacks on British targets.

 

In her first major speech as the head of the intelligence agency, Anne Keast-Butler said that GCHQ was “increasingly concerned about growing links” between the Russian intelligence services and proxy hacker groups.

 

She said: “Before, Russia simply created the right environments for these groups to operate, but now they’re nurturing and inspiring these non-state cyber actors.”

 

Hackers benefit from a quid pro quo relationship with the Russian state whereby they can enjoy sanctuary in Russia, from where they carry out cyber attacks – so long as they do not cross Moscow’s red lines or cause too much diplomatic uproar.

 

An NCSC spokesman said: “We have provided support to organisations in the UK affected by malicious targeting of Fortinet edge devices globally.

 

“Organisations using Fortinet VPN and firewalls should change all default or reused passwords as set out by the advice available on the NCSC website.

 

“To stay alert to malicious activity on your networks, the NCSC recommends signing up for its Early Warning service to gain potentially invaluable time to help detect and stop attacks.”

 

The Foreign Office and the NHS were approached for comment.

 

Source: The Telegraph

--Agencies 

MostRead
Mobitel Upahara
VideoStories
Negombo Prison Violence: Two dead, 28 hospitalized;  Drug kingpin linked to deadly clash?

Negombo Prison Violence: Two dead, 28 hospitalized; Drug kingpin linked to deadly clash?

“Many insults are being hurled at Buddhist monks” Asgiri Chief Prelate calls for unity among clergy

“Many insults are being hurled at Buddhist monks” Asgiri Chief Prelate calls for unity among clergy

Agriculture Minister links excess rice consumption by public to high rate of diabetes in Sri Lanka

Agriculture Minister links excess rice consumption by public to high rate of diabetes in Sri Lanka

Dengue cases continue to soar as deaths rise to 39; PHIs intensity operation against dengue

Dengue cases continue to soar as deaths rise to 39; PHIs intensity operation against dengue

 Prices of multiple food items reduced from midnight today

Prices of multiple food items reduced from midnight today

Several farmers continue protests, demanding fair guaranteed paddy prices

Several farmers continue protests, demanding fair guaranteed paddy prices

Dengue cases continue to spike across several districts of the island

Dengue cases continue to spike across several districts of the island

Former Navy Commander Wasantha Karannagoda granted bail on two surety bonds

Former Navy Commander Wasantha Karannagoda granted bail on two surety bonds

Rakitha Rajapakshe, Charith Abeysinghe and another further remanded until July 17

Rakitha Rajapakshe, Charith Abeysinghe and another further remanded until July 17

Opposition Leader accuses Govt. of failing to honour its election promises

Opposition Leader accuses Govt. of failing to honour its election promises

Agriculture Minister vows to implement all possible measures to address farmers' concerns

Agriculture Minister vows to implement all possible measures to address farmers' concerns

 Court orders ex-SIS chief Suresh Sallay to provide Phone and laptop passwords to CID

Court orders ex-SIS chief Suresh Sallay to provide Phone and laptop passwords to CID

Bus fares increased from midnight on July 5 : Minimum fare raised to Rs. 34

Bus fares increased from midnight on July 5 : Minimum fare raised to Rs. 34

32 dengue related deaths reported this year : Public not taking situation seriously

32 dengue related deaths reported this year : Public not taking situation seriously

Sarvajana Balaya leader meets farmers in Medirigiriya : Farmers raise concern over paddy prices

Sarvajana Balaya leader meets farmers in Medirigiriya : Farmers raise concern over paddy prices

Lassana Flora