UK exposes Russian spy agency behind cyber incidents

The UK, together with the US and other allies, has exposed historic malign cyber activity of Russia’s Federal Security Service (FSB) - the successor agency to the KGB.

The National Cyber Security Centre assess that it is almost certain that the FSB’s Centre 16 are also known by their hacker group pseudonyms of ‘Energetic Bear’, ‘Berserk Bear’ and ‘Crouching Yeti’, and conducted a malign programme of cyber activity, targeting critical IT systems and national infrastructure in Europe, the Americas and Asia.

The group has been indicted by the FBI for targeting the systems controlling the Wolf Creek nuclear power plant in Kansas, US in 2017 but failed to have any negative impact.

The FSB’s long raft of malign cyber activity includes: targeting UK energy companies; sustained and substantial scanning and probing of networks in the American aviation sector, and exfiltration of data in aviation and other key US targets; posing as the Russian Federal Tax Service to conduct spear-phishing attacks against Russian nationals; and attempting to spear-phish the press secretary of Mikhail Khodorkovskiy, a UK-based longstanding critic of the Kremlin, and monitoring a website he set up to expose corruption in the Russian government.

Foreign Secretary Liz Truss has used the UK’s cyber sanctions regime to designate a Russian defence ministry subsidiary, the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), for an incident involving safety override controls in a Saudi petro-chemicals plant in 2017.