A sophisticated cyberattack has stolen the email accounts of British government officials and Foreign Office staff, raising serious concerns about national security and the protection of critical infrastructure in the United Kingdom.
The attack, known to cybersecurity researchers as FortiBleed, exploited a vulnerability in security equipment from Fortinet, compromising more than 80,000 firewalls. Hackers used previously stolen credentials to gain unauthorized access to sensitive government systems.
According to reports from British media, email addresses and passwords of Foreign Office staff have been exposed, including employees of British embassies in Thailand and Mauritius, as well as local government officials in Derbyshire and Waltham Forest.
The stolen credentials are being offered for sale on illegal online forums with prices reaching up to $60,000 (around £44,000).
The breach also affects institutions that provide critical services, including the NHS, energy companies and important pharmaceutical suppliers. Experts warn that the use of these credentials could serve as a basis for further ransomware attacks, with serious consequences for the functioning of public services and patient safety.
Cybersecurity expert Dr. Saif Abed said that healthcare organizations rely heavily on the devices affected by the attack and that this is a scenario that could lead to serious cyber incidents, similar to the attack on the company Synnovis in 2024, which caused the cancellation of thousands of surgeries and medical visits.
The attack was first identified by cybersecurity researcher Volodymyr Diachenko, who said the access gained by the attackers could affect key networks of the Foreign Ministry and potentially other government departments. According to analysis published by The Telegraph, the code used in the attack is written in Russian, while a user with the nickname “SantaAd” is offering access to the stolen credentials on dark web forums.
The National Cyber Security Center (NCSC) has confirmed that a "brute force" attack is underway on Fortinet devices and has urged organizations to check their networks, isolate compromised devices, and change passwords immediately.
Although there is no evidence to date directly linking the Russian state to this attack, British authorities have repeatedly expressed concern about the growing cooperation between Russian intelligence services and hacking groups. In 2024, the head of GCHQ, Anne Keast-Butler, warned that Russia was increasingly supporting these groups to carry out attacks on British targets.
The British Foreign Office and the National Health Service (NHS) have not yet commented on the incident.
Lini një Përgjigje