Russian Hackers Suspected of Accessing Email of British MP
Scottish National Party MP Stewart McDonald Warns Disinformation May Follow
A Scottish nationalist politician says hackers apparently from Russian intelligence penetrated his private email account, and he is warning constituents that his messages may become part of a disinformation campaign.
Stewart McDonald, a member of the Scottish National Party and a member of the U.K. Parliament, tweeted early Wednesday that he had been the victim of a spear-phishing attack whose tactics matched those detailed in a recent government advisory about activity from the Russia-based Seaborgium group.
"I have to assume that some of the stolen information may appear online," McDonald wrote. "I also don't doubt that, in amongst some genuine emails, there will be emails that are entirely false, mixed in amongst emails that are genuine. It's an old tactic," he added. Cybersecurity organizations, including the University of Toronto's Citizen Lab, have documented "tainted leaks" by Russian actors who smuggle false information into a large set of authentically stolen data.
Speaking to the BBC, McDonald said the attack began Jan. 13 when he received an email that appeared to come from a staffer on a subject related to Ukrainian defense. He clicked and filled in his email credentials at the prompt to access the attached document, supposedly a military update.
The BBC reports that McDonald contacted the National Cyber Security Center just as the agency was preparing to release its Seaborgium alert. As the BBC says, the British government has not formally accused the Russian state of being behind the threat actor (see: UK Warns of Surge in Russian, Iranian APT Phishing Threats).
"Having spoken with officials from parliament's security team and also NCSC, I am confident that my inboxes are now secure. The private email account that was criminally hacked is now no longer actively used by me," McDonald tweeted. His official email - including sensitive constituent data contained in it - was unaffected by the hack, he also said.
Russian-backed advanced persistent threat groups actively target Western organizations and leaders critical of Russia's war in Ukraine. McDonald, a 2020 recipient of the Ukrainian Order of Merit, has long advocated for Ukraine's right to exist free of Russian domination.
British politicians are particularly vulnerable to social engineering attacks because a large volume of data, including phone numbers and social media accounts of politicians, is publicly listed on the U.K. Government Communication Service website, security researcher Richard De Vere told Arab News earlier this year.
An NCSC spokesperson told Information Security Media Group that it is continuing to support the politician. They also said the NCSC regularly provides security briefings and guidance to parliamentarians, including "expert advice for MPs and their staff."