NCSC Alert: British Journalists & Politicians Are Hacking Targets

Russian and Iranian government-linked hackers are focusing on British politicians, journalists and researchers with the aim to get access to their email accounts.

Britain's National Cyber Security Centre (NCSC) has now published an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues. Researchers say that the hackers target their victims,  impersonating people known to them using fake email addresses and social media profiles.

NCSC Director of Operations, Paul Chichester, said “The UK is committed to exposing malicious cyber activity alongside our industry partners and this advisory raises awareness of the persistent threat posed by spear-phishing attacks... These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.

“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

The Russian group is thought to be Cold River, which is also known as Callisto and Seaborgium, which hacked nuclear research operations in the US and they leaked emails from ex-MI6 chief Sir Richard Dearlove. Similar methods have also been used by the Iranian based group ‘Charming Kitten’ to collect information. Independent cyber-security experts have linked the group to the nation’s Islamic Revolutionary Guard Corps, and it is alleged that it has targeted US politicians as well as critical infrastructure.

Both groups have recently increased their hacking in the UK as the war in Ukraine continues and they are also actively hacking the US and other NATO members with the aim is to steal secrets and to leak correspondence online to embarrass high-profile figures.

The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

Although the method is one of the oldest hacking techniques, but the NCSC say that what distinguishes the two groups is the effort made to fool their targets, including creating “fake social media or networking profiles that impersonate respected experts” and offering invitations to nonexistent conferences relevant to their targets.

Immanuel Chavoya, Senior Manager of Product Security at SonicWall commented "..The latest data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.” 

The NCSC encourages people to use strong email passwords and one recommended technique is to use three random words, and not replicate it as a login credential on other websites. It also recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.

Organisations and their employees should be particularly careful when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media. 

The NCSC recommends that if individuals or organisations in the identified sectors recognise the specific and targeted activity described in the advisory, they should report it to them.

NCSC:      Guardian:    BBC:   WION:   FirstPost:   The Times:    AA

You Might Also Read: 

Cyber Threats & Nuclear Fears:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Preventing Ransomware Attacks Begins With You
Will The Insider Threat Intensify During The Recession? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

RhodeCode

RhodeCode

RhodeCode is an open source repository management platform. It provides unified security and team collaboration across Git, Subversion, and Mercurial.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

O'Reilly Media

O'Reilly Media

O’Reilly’s help professionals learn best practices and discover emerging trends that will shape the future of the tech industry.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

Black Belt Secure

Black Belt Secure

We provide critical cybersecurity services such as managed security, ransomware mitigation, penetration testing, system auditing and compliance services to your organization.