Australia, the UK and multiple international partners have expressed “serious concerns” over Russia-based cyber operations aiming to interfere with democratic processes after a malicious campaign against UK parliamentarians was traced as far back as 2015.
On 8 December, Minister for Foreign Affairs Penny Wong and Minister for Home Affairs Clare O’Neil released a statement calling for an end to cyber operations aimed at interfering with democratic processes.
“The Australian Government joins the United Kingdom and other international partners in expressing serious concerns about attempts to use cyber operations to interfere with democratic processes,” reads the statement.
It specifically addresses Russia-based cyber operations targeting “a range of political entities and democratic institutions” with the express intent of meddling with democratic processes in the UK.
In an international callout levelled at the Russian Intelligence Services, the UK’s cyber watchdog, the National Cyber Security Centre (NCSC), described “sustained, unsuccessful attempts” at democratic interference, which it expressly attributed to “Russian state cyber actors” known as Star Blizzard.
Star Blizzard – a Russia-based threat group known for ongoing, successful spear-phishing attacks targeting victims in the UK and other geographical areas – was assessed by the NCSC as being “almost certainly” subordinate to Centre 18 of the Russian federal executive body, the Federal Security Service.
Other agencies – including the US Federal Bureau of Investigation (FBI), the Canadian Centre for Cyber Security, the New Zealand Cyber Security Centre and the Australian Cyber Security Centre (ACSC) – backed this assessment.
Star Blizzard makes frequent use of spear-phishing, an attack method which tailors specific scam emails to targeted individuals.
According to the NCSC, the group has targeted and spear-phished UK parliamentarians across multiple political parties from at least 2015 to this year.
The group has been linked to an incident in which UK-US trade documents were compromised and leaked on Reddit ahead of the 2019 UK General Election, as well as a 2018 compromise of the UK government-backed think tank the Institute for Statecraft.
Notably, the NCSC further warned of targeting of universities, public sector, non-governmental and other civil society organisations, and deemed both politicians and journalists “high-risk individuals”.
“The group has also selectively leaked information obtained through its operations and amplified the release in line with Russian confrontation goals, including to undermine trust in politics in the UK and like-minded states,” noted the NCSC.
According to a joint advisory available on the ACSC website, targets across multiple sectors in the US and UK have been most affected by Star Blizzard, with the group expanding its operations to include defence-industrial targets and US Department of Energy facilities during 2022.
The advisory also observed activity against targets in other North Atlantic Treaty Organisation (NATO) countries, as well as countries neighbouring Russia.
The Australian government voiced concern over the UK’s findings, stating attempts at cyber interference are “unacceptable” and “must stop”.
“Australia calls on all countries – including Russia – to act responsibly in cyber space,” reads a statement from Wong and O’Neil.
How can targets protect themselves?
In the joint advisory, the NCSC and international allies provided a range of mitigation steps for high-risk individuals to help improve their cyber resilience.
The advice leads with some basic cyber security measures – such as using strong, unique passwords, employing multi-factor authentication and applying regular security updates – before providing some specific advice on identifying and defending against spear-phishing attacks.
Because spear-phishing is an attack vector focused on social manipulation, the joint advisory recommends at-risk individuals “exercise vigilance” and search for subtle signs such as unusual sending behaviour and unfamiliar email addresses.
Before this latest joint advisory, Russian Intelligence Services had already been exposed for their role in compromises against US-based communications company ViaSat and US network software company SolarWinds, as well as explicit targeting of critical infrastructure.
In Australia, a landmark 2022 data breach at health insurer Medibank was eventually tied to Russia-based hackers, and as recently as October, a DDoS attack on the Department of Home Affairs was claimed by a pro-Russia hacker group.
In their statement, Ministers Wong and O’Neil said the Australian government is investing in protecting public institutions and strengthening national cyber security defences.
“We will continue to work with international partners to promote international law and the norms of responsible state behaviour in cyber space and hold states to account if they act contrary to these international obligations and expectations.”