Russian hackers stole sensitive documents relating to US-UK trade negotiations from the email account of the then international trade secretary Liam Fox, according to multiple reports.
The documents, leaked in the run-up to last year’s general election, revealed that the government had discussed the NHS during the trade talks despite pledging in its manifesto not to do so. After they were breached, the documents appeared online and were used by the then leader Jeremy Corbyn to support claims that the NHS was up for sale.
Reuters, which revealed that Fox’s email account was the source of the breach, reported that the hackers’ campaign spanned from 12 July to 21 October, citing two anonymous sources. According to the report, the hackers used a spear-phishing message to gain access to the account.
The BBC has since revealed that the group which spread the documents, but may or may not have also orchestrated the breach, is Secondary Infektion, a different Russian operation to the one that carried out the cyber attack on the US Democratic Party ahead of the 2016 presidential election.
A government spokesperson said: “There is an ongoing criminal investigation into how the documents were acquired, and it would be inappropriate to comment further at this point. But as you would expect, the government has very robust systems in place to protect the IT systems of officials and staff.”
A spokesperson for the National Cyber Security Centre added: “We have worked closely with political parties for several years on how to protect and defend against cyber attacks – including publishing advice on our website. There is an ongoing criminal investigation and it would be inappropriate to comment further at this stage.”
Increasingly sophisticated spear-phishing attacks
Jake Moore, a security specialist at the security vendor ESET, warned that while spear-phishing “is not necessarily growing in frequency”, “the attack vector is clearly being conveyed in more ingenious and craftier ways than we have seen before. Victims are highly likely to be aware of such tactics, which goes to show the level these hackers are now at.
“Moreover, the emails targeting these high-profile figures rarely stop at just one attempt either. These will flood in and many will be masqueraded as a known contact to the victim. The language and tone will fit perfectly and the demands will sound convincing. Even astute, savvy victims can often trip up when enough pressure is mounted.”