The British government has summoned the Russian ambassador and sanctioned two people for what it said was a sustained but failed attempt to interfere in politics by Russian cyber spies.
A hacking group dubbed "Cold River" by cybersecurity researchers, working on behalf of Russia's Federal Security Service (FSB), targeted British politicians, journalists, and non-profit groups over a period of several years, the foreign office said.
"I can confirm today that the Russian Federal Security Services, the FSB, is behind a sustained effort to interfere in our democratic processes," junior foreign minister Leo Docherty said in a statement to lawmakers.
There was no immediate comment from Moscow, which routinely casts cyberespionage accusations as false smears by the West. Russia's foreign ministry has previously dismissed Reuters reporting on Cold River as anti-Russian propaganda.
The group, which is also known as "Callisto" or "Star Blizzard," first appeared on the radar of intelligence professionals after it targeted Britain's foreign office in 2016. It was also behind the leak of private emails belonging to former British spymaster Richard Dearlove in 2022.
In January this year, Reuters exclusively reported that Cold River had targeted three nuclear research laboratories in the United States.
That report, which drew upon internet records and research from five cybersecurity experts, revealed that much of the digital infrastructure used by Cold River was set up by a 36-year-old IT worker named Andrey Korinets, in the northern Russian city of Syktyvkar.
Reached by phone, Korinets, one of the two individuals to be sanctioned by Britain on Thursday, told Reuters he was unaware of any measures against him, or why such sanctions would have been initiated.
Korinets declined to answer further questions and telephone calls from Reuters.
'Cyber Centre 18'
Cold River sits within the FSB's "Centre 18," one of two known cyber espionage units at the intelligence agency.
A Western official, speaking on condition of anonymity, said the group was still very active, and was part of Moscow's "Active Measures" intelligence-gathering ecosystem - a Cold War era term used by the Soviet Union to describe covert political disinformation campaigns.
The group targets the personal email inboxes of high-profile victims, Reuters found, including at least three former British intelligence officials.
"Because of the UK’s support for Ukraine we are in a state of ‘grey warfare’ with Russia; and the Russians will use every means at their disposal to attack British interests short of open conflict," Richard Dearlove, the former head of Britain's Secret Intelligence Service, or MI6, told Reuters.
Many of Cold River's targets were vocally critical of Russia and its war in Ukraine.
Stewart McDonald, a British lawmaker who has publicly supported Kyiv and for years spoken out against Russian interference, said in February that his private emails were hacked by the group.
"Russia's military intelligence service, the GRU, has received the lion's share of the attention when it comes to election-related activity, which is only natural given their history of serious incidents in the United States and France, but this actor is one to watch closely as elections near," said John Hultquist, who heads threat analysis at Google's Mandiant Intelligence.
"The FSB clearly has an interest in political interference, and hacked emails are a powerful tool," he said.