Russian State Actors Target UK Critical Infrastructure in New Cyber Campaign

A new report by CYFIRMA reveals an alarming escalation in cyber threats targeting the UK, orchestrated by Russian state-sponsored actors and privateer groups. Sophisticated campaigns now focus on critical infrastructure, government entities, and supply chains, reflecting a dangerous shift in geopolitical tensions.

Russia’s cyber strategy has grown increasingly aggressive since the start of the war in Ukraine. CYFIRMA identifies key actors behind the UK’s rising threat level, including:

• Sandworm: Infamous for deploying destructive malware like NotPetya and more recently WhisperGate.
• APT29 (SVR): The sophisticated espionage group known for targeting government, financial, and healthcare sectors.
• Privateer cybercriminals who operate with “Kremlin leniency” to supplement state-sponsored operations.

CYFIRMA states: “The UK faces an escalating cyber threat landscape dominated by sophisticated Russian actors, including state-affiliated groups like Sandworm and APT29, as well as privateer entities operating with Kremlin leniency.”

These groups use a mix of spear-phishing, ransomware, and supply chain attacks to compromise systems, steal sensitive data, and disrupt operations.

One of the report’s key findings is the heightened targeting of critical infrastructure, including energy, transportation, and defense sectors. Notable incidents include:

• Defense Plants Attacked: CYFIRMA reports sabotage against a London aid warehouse (March 2024) and a Welsh ammunition factory (April 2024).
• Physical Sabotage: A suspected Russian plot to bomb a DHL facility in Birmingham (July 2024) was flagged as an attempt to cause catastrophic damage.

The report describes this campaign as “arguably the most significant the West has faced since World War II.”

Russian cyber espionage continues to target UK government bodies, businesses, and academic institutions. CYFIRMA highlights the role of APT29, also known as Star Blizzard, which conducts:

• Spear-phishing attacks: Targeting politicians, think tanks, and defense entities.
• Leaking stolen emails: Used as part of Russia’s information warfare to manipulate narratives.

The report warns: “Hostile activity in UK cyberspace has increased in frequency, sophistication, and intensity… Actors are using our technology dependence against us, seeking to cause maximum disruption and destruction.”

In addition to state actors, Russian-linked hacktivist groups have intensified their activities under the banner of #OpUK. Prominent groups include:

• Noname057(16): Launched DDoS attacks against UK financial institutions and aviation sectors in November 2024.
• OVERFLAME: Collaborated with pro-Palestinian hacktivists to amplify cyber disruptions.

Source: CYFIRMA

CYFIRMA highlights a troubling trend: “There has been significant collaboration between pro-Palestinian and Russian hacktivist groups, frequently exchanging tools and resources.”

Supply chains remain a key target for Russian actors, as seen in past incidents like the SolarWinds compromise. CYFIRMA reports that Russian threat actors use supply chain vulnerabilities to:

• Compromise downstream systems.
• Exfiltrate sensitive data from trusted vendors.

The report emphasizes: “Targets of opportunity are identified through mass scanning of internet-facing systems with unpatched vulnerabilities, making any organization with such weaknesses a potential victim.”

The UK’s National Cyber Security Centre (NCSC) has responded by mitigating over 430 incidents in 2024 alone—a sharp increase from the previous year. Working alongside international partners, the NCSC has disrupted multiple Russian campaigns, but CYFIRMA warns that the scale and intensity of attacks are likely to grow.

Security officials, including MI6 head Richard Moore, have called Russia’s actions a “staggeringly reckless campaign” of sabotage, demanding stronger defenses.

The CYFIRMA report underscores the urgency of addressing Russian cyber threats against the UK. With state-sponsored actors, privateers, and hacktivist collaborations in play, the UK must remain vigilant to prevent widespread disruption.

As CYFIRMA concludes: “Russia has solidified its position as a capable, motivated, and irresponsible cyber threat actor. Their operations are increasingly aligned with military objectives, exploiting systemic vulnerabilities to maximize disruption.”

Related Posts:

• Professional Goods & Services at Risk: Decoding CYFIRMA’s Cybersecurity Report
• Wish Stealer: New Malware Targets Discord, Browsers, and Cryptocurrency Wallets
• SpyNote Malware: Fake Antivirus Targets Android Users in Sophisticated New Campaign
• China-Linked Phishing Campaign Exploits Geopolitical Tensions, Ravages Asian Finance Sector