The former head of MI6 and a Cabinet minister had emails stolen by Russian intelligence in a Kremlin campaign to undermine British democracy. The Russian Federal Security Service (FSB) launched cyber attacks on hundreds of MPS, peers, senior officials and journalists in an attempt to meddle in UK politics, Leo Docherty, a senior Foreign Office minister, has said. The Government had sanctioned two Russians, including a senior FSB agent, over the attacks, he told the Commons.

THE former head of MI6 and a Cabinet minister had their emails stolen by Russian intelligence as part of a Kremlin campaign to undermine British democracy, it has emerged.

The Russian Federal Security Service (FSB) launched cyber attacks on hundreds of MPS, peers, senior officials and journalists in an attempt to meddle in UK politics, a senior foreign office minister has said.

Leo Docherty told the House of Commons that the Government had sanctioned two Russians, including a senior FSB agent, in connection with the cyber attacks. He said the spies had worked inside the FSB’S Centre 18 and for a hacking group named “Star Blizzard”.

Among the victims was Sir Richard Dearlove, the chief of MI6 between 1999 and 2004, who said his emails were compromised after a friend’s account was hacked in 2020.

Sir Richard’s messages were leaked online and doctored in an effort to allege a conspiracy to bring down the Brexit withdrawal agreement.

He said the Government had recently approached him to tell him he had been a victim of the Russian state hackers.

“I think the Government has now got so many incidents they thought it was time to go public,” he said.

Star Blizzard was also responsible for the theft of US-UK trade documents from Liam Fox, the then international trade secretary.

The documents were subsequently leaked publicly prior to the 2019 general election, and used by Jeremy Corbyn, the then Labour leader, to claim “the NHS is on the table and will be up for sale”.

The documents, it later emerged, had been circulating online and been shared by anonymous accounts on Reddit and Twitter, having apparently been stolen and then leaked by Russian agents.

In 2020, Reuters reported they had been hacked from an account used by Dr Fox. Russia’s ambassador in London was summoned by Lord Cameron, the Foreign Secretary, to explain the industrial-scale attempt to interfere with UK democracy and Russia sent a deputy in his place.

Mr Doherty told MPS Russian hackers had “targeted members of this House… they have been targeting civil servants, journalists and NGOS”.

“They have been targeting high-profile individuals and entities with a clear intent – using information they obtain to meddle in British politics.”

The Foreign Office said it would be sanctioning Ruslan Peretyatko, a Russian FSB intelligence officer, and Andrey Korinets, a member of Star Blizzard. The Russian embassy called the sanctions “illegitimate unilateral restrictions”. The US Department of Justice said it would be offering up to $10million (£7.9m) for further details on the alleged hackers. In court filings, the US accused the pair of targeting American defence and energy officials, as well as intelligence officers, and of hacking attacks in Ukraine.

The hackers gained access to victims’ emails by “spear phishing” – a technique that uses subterfuge to deceive targets into revealing sensitive information or login details.

The attacks originated from within the FSB, formerly known as the KGB, from a body known as “Centre 18”.

The hacking efforts have been underway since at least 2015 and targeted multiple political parties.

Other victims included Chris Donnelly, the director of the Institute for Statecraft, a UK think-tank which had initiatives to defend democracy against Russian disinformation in 2021.

Western security officials said all known victims had been warned and that GCHQ’S National Cyber Security Centre planned to issue more guidance to senior level individuals at risk of future hacks. Lord Cameron said Russian efforts to interfere with British politics had “failed”, adding: “Russia’s attempts to interfere in UK politics are unacceptable and seek to threaten our democratic processes. Despite their repeated efforts, they have failed.”

Oliver Dowden, the Deputy Prime Minister, added: “We will continue to call this activity out, to raise our defences, and to take action.”

The centre of the hacking operation is a drab city in the Urals almost 1,000 miles north-east of Moscow. Within the Arctic Circle, a bodybuilder working for Russia’s FSB intelligence service had been quietly running a campaign to undermine British democracy.

Over the past eight years, Andrey Korinets, a cyber hacker, targeted hundreds of MPS, peers, senior Government officials, academics, journalists and the former head of MI6.

Yesterday, intelligence agencies in the UK working with counterparts in the US decided to call out Mr Korinets.

Mr Korinets, they said, was a member of a cyber hacking operation given the sci-fi sounding name Star Blizzard. Mr Korinets was placed on a UK sanctions list by the National Crime Agency.

Simultaneously, the US Department of Justice indicted him on a series of hacking charges and offered a $10 million bounty for his whereabouts.

His handler inside the FSB, the post-communist successor to the KGB, was identified by UK and US authorities as Ruslan Peretyatko, an FSB intelligence officer and member of Star Blizzard. The two men are part of a team based inside Centre 18, a unit within the FSB, which runs its cyber espionage operations targeting the UK.

Centre 18’s aim was to “interfere in UK political processes”.

With a general election looming, British intelligence officers fought to confirm the Centre 18’s and Star Blizzard’s role in the attempted – and occasionally successful – hacking of politicians and senior figures. Mr Korinets makes an unlikely spy in many ways. Reuters had identified Mr Korinets through a trail of digital breadcrumbs that linked him to computer servers used by the FSB.

He had a profile on a dating website, which was recently deleted, as well as a portfolio on an IT work website, which included a link to a shop to buy steroids and a fan site for a Russian queen of figure skating.

A website suggested he can bench press almost 300lbs while his Twitter account had concentrated mainly on pigeons and domain registration.

Mr Korinets had confirmed to Reuters that he owned relevant email accounts linked to cyber attacks but denied he worked for offshoots of the FSB. The Daily Telegraph understands that the groups operate out of Syktyvkar, a city in the Urals inside the Arctic Circle.

Sir Richard Dearlove, the former head of MI6, said yesterday that his emails, using the email service Protonmail, had been hacked in a cyber attack in May last year. The stolen emails were sent in 2018.

“They got into the Protonmail account of my colleague,” Sir Richard said, referring to an academic with whom he reportedly campaigned for a tougher Brexit deal than the withdrawal agreement being negotiated at the time by Theresa May.

Those emails, said the former spymaster, were passed by the hackers to a pro-kremlin supporter and then “twisted all over the place to make it look as though I was a svengali behind a conspiracy to bring down the [EU] Withdrawal Agreement.”

He added: “It seems pretty clear some of the material had been doctored.”

Investigators had linked the hack to Star Blizzard.

In a statement yesterday, Paul Chichester, the director of the National Cyber Security Centre, said: “Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable and we are resolute in calling out this pattern of activity with our partners.” Cyber security professionals have tracked the gangs with their various aliases for some years. It is only now they have been directly attributed to the Kremlin’s security apparatus.

‘Russia’s attemps to interfere in UK politics are completely unacceptable and seek to threaten our democratic processes’