Russian hackers organised along the lines of the paramilitary Wagner group are seeking “to disrupt or destroy” parts of the UK’s critical national infrastructure, a cabinet minister will warn at a cyber conference in Belfast on Wednesday.
Oliver Dowden, the Cabinet Office minister, will issue a national alert to key businesses amid growing international concern that as Russia struggles in Ukraine, an under-pressure Kremlin is searching for new ways to threaten the west.
US intelligence that leaked earlier this month warned that Russian hackers had claimed to have taken over control systems belonging to a Canadian gas pipeline at the end of February, with the aim of causing an explosion.
Dowden is expected to tell the Cyber UK event that disclosing the threat is “not something we do lightly”. He will argue it is necessary to get companies in utilities and other critical sectors to realise they have to invest as needed in cybersecurity “to defend themselves and the country”.
He will describe the adversaries as “ideologically motivated, rather than financially motivated”, adding that they are less likely to show the same level of restraint as those directly employed by a nation state, making the situation “particularly concerning”.
A top-secret intelligence snippet in the Pentagon files that leaked earlier this month warned that a Russian cybercriminal group called Zarya had claimed to have taken over the control systems of the unnamed pipeline. The hackers then asked the country’s FSB spy agency for instructions on what to do next.
The hackers “shared screenshots” with the FSB “alleging capability to increase valve pressure, disable alarms and initiate an emergency shutdown of an unspecified gas distribution station”, according to the report, based on electronic eavesdropping of communications between the two sides.
However, there is no corroborating evidence in the public domain that a natural-gas pipeline company in Canada suffered the hacker attack described or that any explosion took place. The intelligence may also have helped prevent the attack, although it was labelled as being for US eyes only.
Royal Mail was targeted by Russian criminal hackers earlier this year, with the LockBit group demanding an $80m ransom after the attackers had encrypted files crucial to the company’s international operations. Royal Mail rejected the demands as “absurd”, according to a transcript of the negotiations leaked by the hackers online.
Dowden did not name any of the hacker groups, but the reference to Wagner, the large paramilitary group that is playing an important role on the ground in Ukraine, suggests the UK believes efforts are being made to organise the criminal groups of hackers into something more permanent.
Critical national infrastructure covers areas such as gas, electricity, telecoms and postal networks as well as the emergency services and other organisations on which daily life relies. Serious attacks remain rare, but in the US, an oil pipeline on the east coast briefly shut down its operations two years ago after it was hacked by an online extortion gang, leading to shortages of petrol and jet fuel.
Russian hackers have also targeted Ukrainian utilities, both before and since last year’s full invasion. Ukraine has been able to maintain supplies with the help of the west, although some of the cyber-attacks last autumn were conducted in tandem with missile strikes aimed at power and substations on its energy grid.