A series of well-resourced hacking attacks took place over several months in 2016, targeting the UK’s Foreign Office. The attacks began in April 2016 and were not reported to the public, although the government has investigated them. For now, the UK’s National Cyber Security Centre refuses to say whether or not data was stolen during the attacks.
An inside source has reported that the most sensitive data was not kept on the targeted systems, which would mean that this data is safe.
The cybersecurity company F-Secure has published research saying that the attack might have been the result of a spear-phishing campaign. Spear phishing works by carefully targeting people within certain companies and sending them emails with rogue links. The goal is to trick the targets into clicking on the links or handing over their usernames and passwords. This is often done by creating fake websites designed to look like the legitimate Foreign Office site; when an employee tries to log in, the hackers see their information and use it for their own gain.
Not even F-Secure knows whether the attack was successful, but they claim that the hacker group responsible for the attack is called Callisto Group.
The UK’s National Cyber Security Centre did not confirm this information; instead, it stated only that its duty is to safeguard the nation and that it is delivering innovations which will make the UK the “toughest online target in the world”.
F-Secure claims that Callisto Group was responsible for many different attacks in the last two years and that most of their targets were in South Caucasus and Eastern Europe, but also in the UK and Ukraine.
The tools used in the attack were created by the Italian company Hacking Team. The tools were exposed during a cyber attack that came to light in 2015, and F-Secure used this incident to remind governments that the tools they want created might some day end up in the wrong hands.
Hacking Team is not suspected of being involved in these attacks.
So far, we have no reports of any evidence that might identify the origin of the attack. However, it has been discovered that two of the phishing domains used by the hackers were previously linked to a certain IP address that was mentioned in a US government report into Grizzly Steppe.
Grizzly Steppe is the name given by the US to Russian efforts to try and influence the US election. This might mean a lot of things, but cyber security experts believe that it might be a coincidence, since 300 other domains were also linked to that IP address.
Similarities were discovered between Callisto Group’s hacking style and that of the Russia-linked group APT28. However, it’s still strongly believed that these were two separate groups and that Callisto Group seemed less technically capable than the other one.