Part of the FSB unit that is “harvesting sensitive material” through social media is leaking information to the Kremlin.
The aggressive FSB squad that aimed to fuel the Brexit scandal and obstruct European NGOs looking into war crimes in Ukraine is believed to have included the Russian hacking outfit Star Blizzard, which is accused of meddling in UK politics. Trade documents between the US and the UK, which were leaked prior to the 2019 UK general election, were also stolen.
Russia has been conducting a cyberwar against the West since 2014, when it annexed Crimea. This campaign has been carried out by a number of elite units run by Russian military and foreign intelligence, as well as by a cutting-edge group known as Turla that is connected to the “16th center” of the Russian Federal Security Service (FSB).
However, analysts pointed out that the less well-known Centre for Information Security, or Centre 18 of the FSB, was notable for its propensity to release compromised data for political reasons as well as its history of using proxies to further the political objectives of the Kremlin.
According to Andrei Soldatov, an investigative journalist and authority on Russian intelligence agencies, “the 16th is more sophisticated, technically.” He called that select group a “tech agency essentially,” drawing a comparison between it and the UK’s GCHQ. By contrast, the 18th was more akin to “the CIA [getting] some tech and freedom to use proxies and criminals,” as evidenced by its spear-phishing and hack-and-leak activities.
Although Star Blizzard’s headquarters are located in an office complex in downtown Moscow, the two employees who were targeted for penalties on Thursday were connected to Syktyvkar, a distant regional capital located about 1,000 kilometers northeast. According to a security researcher cited by Reuters, one was an FSB officer and the other was reportedly a “central figure” in the city’s hacker community.
Prior to this, the US had charged that Centre 18 hired cybercriminals to launch political attacks. Dmitry Dokuchaev, an FSB officer assigned to the unit, was charged in a 2017 US criminal indictment with aiding and abetting a massive hack of at least 500 million Yahoo accounts. Prosecutors claimed that Dokuchaev “protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the US and elsewhere.” Dokuchaev and other FSB officers were not involved in the hack, according to Russia.
Scientists at US nuclear research institutes have been among Centre 18’s recent targets, as Russian hacking groups have been more active following Vladimir Putin’s full-scale invasion of Ukraine.
The group’s signature tactic, however, continues to be the theft and dissemination of private communications and documents in order to stir up political controversy.
Emails sent by Richard Dearlove, the head of MI6 from 1999 to 2004, to a private group of hard-Brexit advocates were leaked in 2022. He said that the group had come together due to concerns about the UK’s terms for leaving the EU.
Emails discussing a canceled pressure campaign code-named Operation Surprise were “swiped from the computer of a retired professor in deepest England who I had emailed in the past,” Dearlove claimed in an article published last year.
Dearlove asserted that the emails, which were published online under the heading “Very English Coop d’Etat,” were misinterpreted and that they purported to be a “lawful lobbying exercise.”
“The stolen emails were then combined and posted online in an effort to produce this absurdly theatrical situation,” the author stated at the time. “In this way, we were charged with trying to overthrow the UK government in favor of Brexit.”
According to the UK’s National Cyber Security Centre, Star Blizzard has been using social engineering techniques to “build a rapport” with targets and gathering information from social networking sites like LinkedIn. After delivering malicious URL links to gain sensitive credentials, Star Blizzard would distribute the documents or correspondence online through anonymous leakers.
Thursday’s discoveries also revealed that the FSB was responsible for the theft of trade documents between the US and the UK from Liam Fox, who was the British secretary of state for international trade at the time. Shortly before the UK general election in 2019, the documents were made public.
Ahead of pivotal US elections that would pit Donald Trump against Joe Biden, observers have cautioned that the organization might try to influence votes once more.
As the elections draw near, John Hultquist, chief analyst at Mandiant, a US cybersecurity company, advised keeping a close eye on this actor. “It is evident that the FSB is interested in meddling in politics, and they have access to a lot of powerful emails.”