A number of Brexit-related emails that were recently leaked online came from the hands of Russian hackers, Google’s cybersecurity experts have said.
The team detected a new website, entitled “Very English Coop d’Etat”, which reportedly leaked multiple emails from a couple of high-ranking government officials, involved one way or another, in the UK’s split from the European Union: including former MI6 chief Sir Richard Dearlove, Gisela Stuart, lead Non-executive Board Member for the Cabinet Office, historian Robert Tombs, and others.
The site does not detail if any malware (opens in new tab) was used in the attack, or even who was behind the campaign.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
War with Ukraine
Analyzing the website, the director of Google’s Threat Analysis Group (TAG), Shane Huntley, told Reuters that all evidence points towards a Russia-based hacking group known as “Cold River”.
"We're able to see that through technical indicators," Huntley noted.
Reuters, which broke the story, said it could not confirm the authenticity of the emails, but some of the people involved did hint that it might be true. Dearlove, for example, told Reuters he was “aware of a Russian operation against a Proton account which contained emails” to and from him, but also added that the leaked contents should be taken with a whole bag of salt due to “the context of the present crisis in relations with Russia”.
After all, the UK has openly sided with Ukraine in the ongoing conflict, providing the country with arms and other means of support. Furthermore, Prime Minister Boris Johnson was banned from Russia in mid-April over his support for Ukraine.
Tombs also said he was aware of “Russian disinformation based on illegal hacking” and provided no further comment. Others remained silent.
The only thing that has proven trickier than confirming the authenticity of the emails, is proving who is behind the attack on these endpoints (opens in new tab). Thomas Rid, a cybersecurity expert at Johns Hopkins University, told Reuters the modus operandi in this attack is quite similar to some of the previous ones conducted by Russian attackers.
"What jumps out at me is how similar the M.O. is to Guccifer 2 and DCLeaks," he said. The leaks he mentioned happened just before the U.S. presidential elections in 2016.
"It looks very familiar in some ways, including the sloppiness," he said.