Iranian and Russian hackers ‘ruthlessly’ trying to steal information from UK journalists and politicians

GCHQ has issued an alert over “ruthless” spear-phishing attacks on organisations and individuals

Iranian and Russian hackers have been “ruthlessly” trying to steal sensitive information from British journalists and politicians, and urged people to “remain vigilant”.

The National Cyber Security Centre (NCSC), part of GCHQ, issued a fresh alert on increased hacking attempts directed at individuals and groups - not at members of the public.

The NCSC alert said the hackers are using spear-phishing attacks, which involves building trust with the victims by impersonating real contacts before then sending meeting invitations containing a malicious code. Once the code is clicked on it allows hackers to access sensitive information.

The alert added that targets of these attacks were usually those doing research and work on Iran and Russia.

It added that the hacking campaigns were separate but the alert was being issued on both due to their use of similar techniques and targets.

The NCSC’s alert stated: “The Russia-based SEABORGIUM (Callisto Group/TA446/COLDRIVER/TAG-53) and Iran-based TA453 (APT42/Charming Kitten/Yellow Garuda/ITG18) actors continue to successfully use spear-phishing attacks against targeted organisations and individuals in the UK, and other areas of interest, for information gathering activity”.

‘Remain vigilant’

NCSC’s director of operations Paul Chichester urged potential targets to use the centre’s advice to protect themselves.

He said: “The UK is committed to exposing malicious cyber activity alongside our industry partners and this advisory raises awareness of the persistent threat posed by spear-phishing attacks. These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.

“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

The centre advised the use of strong passwords, multi-factor authentication and email vigilance including disabling mail-forwarding to reduce the risk of being hacked.

The government has vowed to update the UK’s cybersecurity laws after there has been increasing levels of cyber attacks targeting critical infrastructure in countries around the world as a way of inflicting substantial damage on entire nations.

In late November the government said the updates would be made as soon as parliamentary time allows.

However, at the time, the NCSC said the cyber security threat to the UK had “evolved significantly” over the past year. Eighteen cybersecurity incidents had required a nationally coordinated response.