Revealed: Russian hackers behind NHS attack are part of Kremlin-protected cyber army

15 comments

1. Russian hackers behind the NHS attack are part of a wider cyber army working under the Kremlin’s protection to try to destabilise the UK ahead of the election, i can reveal.

   European investigators on the frontline of hunting Russian cyber criminals have found that hacking group Qilin, which has been held responsible for the attack, is merely one arm of a much wider web of hacking affiliates.

   Hackers, using servers based in Russia, are working under Moscow’s protection to carry out attacks on UK critical infrastructure. The recent attack on the NHS has been seen as a “major escalation” of the Kremlin’s use of cyber warfare, according to investigators, whose work i was given exclusive access to.

   The hacking syndicate, made up of more than 100 groups, is not believed to be under the direct control of the Russian Government but is rather seen as a useful tool of global disruption that the Kremlin is happy to turn a blind eye to. Hackers enjoy safe haven in Russia, from where they carry out ransomware attacks, so long as they do not cross red lines or cause too much diplomatic uproar, i has been told.

   Ciaran Martin, the former chief executive of the National Cyber Security Centre (NCSC), told i: “The Russian state does not control or direct criminal cyber groups but it does in effect set the parameters of who they are allowed to attack.”

   Internal messages between the Russian hackers, seen by i, show them asking a higher authority from the group’s leadership for permission to attack specific targets in the UK on previous occasions.

   Until earlier this month, attacks on other nation’s healthcare services which could potentially lead to casualties were seen as “off limits” by the Kremlin. But the attack on NHS provider Synnovis on 3 June represents a loosening of the reins that the hacking groups work under, leading to national security concerns among Western intelligence agencies.

   A detailed security briefing from European investigators on the forefront of the West’s fight against Russian cyber crime groups, and interviews with three UK sources, reveal the worrying escalation in cyber warfare against Britain ahead of the election.

   All of the UK sources warned that the country could face more attacks on critical national infrastructure which could disrupt services, meddle with democracy, and threaten lives.

   “The Kremlin has lifted a block on UK targets it once thought were a step too far,” a UK intelligence source told i. “I expect we will see a drastic rise in cyber attacks to critical services over the next 12 months.”

   Another called the attack a “significant escalation” which challenges the definition of an “act of war”.

   In the recent NHS hack, Qilin, which has a record of attempting to extort money, stole records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, and led to the cancellation of over 1,000 operations and 2,000 appointments.

   The group later published a tranche of highly sensitive NHS records they stole into the public domain last Friday, after failing to receive a ransom payment.

   The National Crime Agency (NCA) leads the UK’s response to cybercrime and is currently weighing up the possibility of taking retaliatory action against the group, working with the Federal Bureau of Investigations (FBI) to determine the scale of the attack.

2. Don’t worry Farage will be along soon to explain they only did it because we provoked them.

3. > [N]ew evidence compiled by investigators, seen by *i*, shows that the Qilin group is part of a front for a Russian-state protected cyber army, acting to cause chaos and disruption in the lead up to the UK election.

   We’re still having Russian interference with our elections. Can we please look after our (digital) borders?

4. An attack on British soil implies that we are allowed to retaliate on Ruzzian soil.

5. It’s always a highly sophisticated nation state level attacker, and never that the IT departments recommendations were overruled by a very senior but non-technical manager who doesn’t take it seriously and can’t bear any personal inconvenience.

6. It’s time to strike back. Cripple their infrastructure, destroy their banking system.

7. Reform party that backs Russia, says NHS is to woke and uses rainbow flags and should be privatised like water, housing, public transport and energy to help the top 1% in UK society.

8. Russia is at it everywhere. From trolls to bots, from useful idiots to influence operations and disinformation, from kompromat to straight up bribery and cyber crime. It’s an undeclared war aimed at stoking division in us and our allies. They have been at it for years and it’s not going to go away. It has to be fought.

   **Russian web brigades – Troll factories**

   https://en.wikipedia.org/wiki/Russian_web_brigades

   **How Pro-Russian Disinformation is Laundered:**

   https://www.svt.se/special/how-pro-russian-disinformation-is-laundered/

   **Russian trolls target U.S. support for Ukraine, Kremlin documents show**

   https://archive.ph/MQBjt#selection-519.0-519.70

   Report mentioned in the above article:

   **Infektion’s Evolution: Digital Technologies and Narrative Laundering: Clemson University Report**

   https://tigerprints.clemson.edu/mfh_reports/3/

   **Russian disinformation attacks on elections: Lessons from Europe.**

   https://www.congress.gov/event/116th-congress/house-event/LC64157/text?s=1&r=10

   **Kremlin papers appear to show Putin’s plot to put Trump in White House**

   https://amp.theguardian.com/world/2021/jul/15/kremlin-papers-appear-to-show-putins-plot-to-put-trump-in-white-house

9. I knew the top comment would contain the word “Farage”… 😂

10. No shit… Did we even need confirmation of Russia or china hacking our high value personal info?

11. This is war, we need to do something against them. Sending troops into Ukraine should now be on the table

12. Russians are dying in storm shadow strikes on what they see as their rightful territory. Did everyone really expect them to just take it and not respond?

13. Wow! Who could’ve seen that coming? /s
    At what point do we consider these things acts of war? They are killing people on British soil, both directly (in the case of Litvinenko and Salisbury) and indirectly via attacking our infrastructure. And still you have some dipshits in the West that support Russia to spite the globos. The West and NATO need to start getting seriously tough, and now.

14. That bbc series with Simon pegg in it about cyber warfare not looking so silly now

15. Any slightly competent group could hack the outdated garbage software trusts use – and to make it better every trust uses a different system so you can’t even have a unified migration policy.