Emails between leading pro-Brexit figures in the UK have seemingly been stolen and leaked online by what could be a Kremlin cyberespionage team.
The messages feature conversations between former spymaster Richard Dearlove, who led Britain’s foreign intelligence service MI6 from 1999 to 2004; Baroness Gisela Stuart, a member of the House of Lords; and Robert Tombs, an expert in French history at the University of Cambridge, as well as other Brexit supporters. The emails were uploaded to a .co.uk website titled “Very English Coop d’Etat,” Reuters first reported this week.
Dearlove confirmed his ProtonMail account was compromised. “I am well aware of a Russian operation against a Proton account which contained emails to and from me,” he said. The Register has asked Baroness Stuart and Tombs as well as ProtonMail for comment. Tombs declined to comment.
Judging from the “Coop” website, all of the people listed have ProtonMail accounts that have been broken into and had their contents siphoned. We understand that the messages dumped on the site for all to download mostly appear to be discussing campaigns advocating for the UK to leave Europe.
Shane Huntley, director of Google’s Threat Analysis Group (TAG), said the email security breach appears to be the handiwork of Cold River, a government-backed group in Russia also known as Callisto.
The team typically targets email accounts of politicians, NGOs, think tanks, and journalists, as well as members of the government and military. Cold River has sent links to phishing websites in emails as well as PDFs and documents from Google Drive or Microsoft OneDrive accounts, we’re told.
It’s not clear how the email account, or accounts, were infiltrated. Huntley said it’s the first time he has seen the group leak information for what could be disinformation purposes.
“Reporting on [disinformation] activity is difficult,” he tweeted. “It’s too easy to amplify the campaign and increase the effect. As we take a breath, we note that this is a pretty clumsy campaign, and maybe based on just one hacked ProtonMail account.”
Google’s TAG unit said it has noticed increased activity from Eastern Europe from what appear to be government-backed miscreants amid Russia’s invasion of Ukraine. These snoops are targeting personal accounts of leading figures in various industries, including oil and gas, manufacturing, and telecommunications groups.
“Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links. Financially motivated and criminal actors are also using current events as a means for targeting users,” TAG said in a blog post this month.
If the leaked emails – available all together in a 33MB Zip archive – are authentic, it’s the second time Russian spies are believed to have stolen documents and leaked emails from leading British officials, according to Reuters.
The personal email account of Conservative MP Liam Fox, former trade minister and Secretary of Defense, was reportedly phished by Kremlin snoops in 2019. Documents leaked from his inbox were seized by rival Labour Party members, who claimed the files showed the Tories were planning to sell out Britain’s National Health Service to the Americans. ®