In 2016, it went unreported that the UK’s Foreign Office was targeted by a group of highly motivated and well-resourced hackers over several months. The UK’s National Cyber Security Centre has been working with the FCO in response to the attack but has not confirmed whether any data was stolen.
Cause: It is understood the Callisto Group was behind the campaign and evidence suggests the Callisto Group has ties with nation states, China, Russia and Ukraine. The attackers created a number of web addresses which resembled Foreign Office websites, including those used for accessing webmail. The spear phishing emails that were sent aimed to fool recipients into downloading malware which was first developed for law enforcement by the software company Hacking Team, however there is no suggestion that Hacking Team had any involvement in the attacks in 2016.
Effect: It is not clear whether the attack was successful or what motivations were behind the attack. One anonymous security professional said there are links to the Russian efforts to influence the US election as two of the phishing domains involved were linked to an IP address quoted in a US government report. In a statement, the UK’s National Cyber Security Centre (NCSC) said: “The first duty of government is to safeguard the nation and as the technical authority on cyber security, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world. The government’s Active Cyber Defense program is developing services to block, prevent and neutralise attacks before they reach inboxes,”.