Russian hackers have stolen login credentials belonging to British government employees and critical infrastructure organizations, with the data now reportedly being sold on dark web marketplaces while UK authorities investigate the ongoing cyberattack.
Thousands of login credentials linked to British government bodies have reportedly been compromised in an ongoing cyberattack that researchers say exposed sensitive accounts to sale on the dark web.
According to Digi24, citing The Telegraph, the operation, dubbed “FortiBleed,” exploited vulnerabilities in Fortinet security devices, allowing attackers to gain access to government and critical infrastructure systems.
Government targeted
The report says more than 80,000 Fortinet firewalls were affected globally after attackers exploited a vulnerability and used previously stolen credentials to bypass security protections.
According to The Telegraph, compromised accounts include staff from the UK’s Foreign Office, local authorities, and British embassies in Thailand and Mauritius, as well as IT personnel working within government institutions.
The stolen credentials, including email addresses and passwords, have reportedly been offered for sale on dark web marketplaces for prices reaching $60,000.
Critical infrastructure
The breach also reportedly exposed login details connected to organizations operating critical infrastructure, including the National Health Service (NHS), energy suppliers and pharmaceutical providers.
Dr. Saif Abed, a former NHS doctor and cybersecurity expert, warned that the attack could become the starting point for ransomware campaigns capable of causing “catastrophic” disruption to healthcare services and patient safety.
According to The Telegraph, healthcare systems remain attractive targets because attacks on IT infrastructure can quickly disrupt hospital operations.
Russian connection
Cybersecurity researcher Volodymyr Diacenko, who first identified the attack, said the compromised systems could provide access to central government networks and potentially other Whitehall departments.
The Telegraph reported that the malicious code behind the campaign was written in Russian and that a dark web user operating under the alias “SantaAd” is advertising access to the stolen credentials.
Investigation ongoing
The UK’s National Cyber Security Centre (NCSC) has confirmed that attackers are carrying out brute-force attacks against Fortinet systems and has urged organizations to isolate compromised devices and change passwords immediately.
Authorities have not found evidence that the Russian state was directly involved in the operation. However, according to Digi24, The Telegraph noted that British intelligence has previously warned about increasingly close ties between Russian intelligence services and hacker groups operating from Russia.
The NCSC also advised organizations using Fortinet VPNs and firewalls to replace default or reused passwords and monitor their networks for suspicious activity.
Sources: Digi24, The Telegraph