Behind hacking of emails of pro-Brexit activists, a group of Russian hackers

Google has attributed to a group of Russian pirates the hacking and recent publication of e-mails of frames of the pro-Brexit movement.

Le Monde

A site that has put online emails presented as from hacked accounts of several key figures of the pro-Brexit movement in the United Kingdom is linked to a group of Russian pirates, says Google, based On a technical analysis led by its researchers in computer security.

Called “Very English Coop from State” (“a very English coup”), the site has published personal emails allocated to the former head of the British intelligence services Richard Dearlove and to activists Pro-Brexit. These messages are presented as the evidence of a plot hatched by the hard wing of the Brexit movement aimed at dismissing the former Prime Minister Theresa May, to replace it with Boris Johnson, during the negotiations relating to the exit of the European Union.

According to the analysis of computer security researchers of the Threat Analysis Group of Google, known as one of the best in the world, several technical elements allow this site to be linked to the pirate group called “Cold River”. In recent months, this group has tried to hack e-mail accounts used by “civil servants and soldiers, elected officials, employees of associations or think tanks, and journalists”, especially in Eastern Europe, Noted Google in a previous report . The company says this group is in Russia, without directly connecting it to a Russian intelligence or security service.

The address of “Very English State Coop” was recorded on April 19, three days after Boris Johnson was prohibited from entry into Russian territory due to the support of the United Kingdom to Ukraine , Note the Reuters agency . The address of the site contained the words “Sneaky strawhead” (“deceitful straw”), which seems to be a reference to the hairstyle of the current British Prime Minister.

classical operations mode operations Russian destabilization

The operating mode – hacking of e -mail accounts whose content is then disseminated online – recalls that of previous operations allocated to the Russian intelligence services, including the hacking of emails from the American Democratic Party in 2016 or “Macronleaks” In 2017. In the United Kingdom, confidential documents on Brexit negotiations had also been published online, in 2019, after being hacked on the email account of the Minister of Trade at the time, in an operation allocated to Russia.

The emails published by “Very English Coop of State” have not been formally identified, but the former chief of the Mi6, Richard Dearlove, implied that they were probably in large part authentic, Considering, in a declaration to the Reuters agency, that they mentioned “a lobbying operation [pro-boris johson], presented in a distorted and hostile manner”.

Most emails could come from one and the same account, a personal box by M. Dearlove. “It is not easy to write on disinformation operations without amplifying them and increasing their effects, writes Shane Huntley , Google Threat Analysis Group. But if we take a step back, we see that this campaign was quite clumsy.”

/Media reports.