The Russian government is attacking critical national infrastructure in the UK and the US, security agencies have warned.
In a joint technical alert issued by the UK’s National Cyber Security Centre (NCSC), the FBI and the US Department for Homeland Security (DHS), the Kremlin is accused of being behind an on-going hacking campaign.
The primary targets of the campaign are government and private-sector organisations, as well as critical infrastructure businesses and the internet service providers supporting those sectors.
According to the alert the attackers are attempting to secure access to computer networks for espionage purposes and to “potentially lay a foundation for future offensive operations”.
In a media briefing at the time of the statement, Ciaran Martin, the head of NCSC, confirmed that Russian hackers had successfully penetrated the computer networks of the UK’s energy grids, but did not manage to disrupt them.
Millions of machines have been targeted globally, but security agencies in the US and UK do not have “full insight into the levels of compromise” that occurred.
In a statement, Mr Martin described Russia as the UK’s “most capable hostile adversary in cyberspace” and said “dealing with their attacks is a major priority” for the UK and its US allies
“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from attacks.
“It marks an important step in our fightback against state-sponsored aggression in cyberspace,” Mr Martin added.
He said that “many of the techniques used by Russia exploit basic weaknesses in network systems” and said that the NCSC is “leading the way globally to issue advice and automate defences at scale to remove those basic attacks, thereby allowing us to focus on the most potent threats.”
The alert follows an advisory notice released by the NCSC earlier this month which warned that companies connected to British critical national infrastructure were being targeted by attackers, citing cybersecurity reports which suggested the hackers were based in eastern Europe.
Speaking at the CyberUK event in Manchester last week, Jeremy Fleming, the head of GCHQ, warned that the nerve agent attack in Salisbury “demonstrates how reckless Russia is prepared to be”.
“Reckless” was also the word chosen in February, when Western nations publicly and collectively attributed the NotPetya cyberattack against Ukraine to hackers working for the Russian military.
It was the first time that government agencies had stated that the Kremlin was responsible for a cyberattack, and a NATO-affiliated cybersecurity researcher compared the landmark attribution to the #MeToo movement to Sky News, noting that speaking up and naming the perpetrator is the first step towards responding to their crimes.
The UK’s Foreign Office – under which sit both GCHQ and the NCSC – responded to the NotPetya attack by threatening that it would be “imposing costs on those who would seek to do us harm”.
As tensions rose following the Salisbury attack, Robert Hannigan, the former head of GCHQ, told Sky News that the UK’s offensive cyber capabilities were “the best in the world, I think” – but launching a cyber-conflict is not a trivial thing.
“It’s a bit like launching a military conflict and I don’t think anybody would benefit from that… it would be stepping into a different dimension and really playing the Russians at their own game – they don’t care how they behave.”
Mr Martin told journalists on Monday that the purpose of the alert was to inform potential victims about the need for security and not to comment on possible UK government responses.