The hack of a U.K. trade minister’s email account – the result of a spear phishing campaign likely engineered by Russian operatives – led to the leak of U.S.-U.K. trade documents and perpetuated a disinformation campaign credited with influencing the 2019 U.K. election.
Hackers were able to successfully access the email of Trade Minister Liam Fox in an attack that bore characteristics of a nation-state operation. The tactics closely resembled the spear phishing campaign during the 2016 U.S. presidential election that lured Hillary Clinton Campaign Manager John Podesta and resulted in a steady leak of damaging emails on WikiLeaks.
The U.K. incident is believed to have kept the Conservatives in power, while the Labour party and its leader Jeremy Corbyn were pilloried for trying to use the NHS sale claim for political gain. Investigators are probing the online theft and dissemination of six groups of classified U.S.-U.K. trade documents, a Reuters report cited two officials as saying.
Attackers reportedly tricked Fox into sharing his account login details so that they could access his account, multiple times over the space of many months, to steal politically sensitive and classified documents.
The caper raised concerns that leaked sensitive trade documents could influence voter turnout and perception – and change history for both the public and private sectors.
“The discovery that his email account was hacked by Russian operatives ahead of the 2019 British elections should serve as an important warning for security teams working to protect the U.S. election,” said Tim Sadler, CEO at Tessian.
It also underscored the need for all organizations to secure their most sensitive documents as well as ramp up efforts to train employees not to fall for spear-phishing campaigns, as Fox apparently did.
“Targets of spear phishing and social engineering scams like this often do not even realize they’ve been tricked or have done anything wrong until it’s too late,” Sadler said.
Current U.K. Foreign Secretary Dominic Raab last month confirmed to the BBC that the British government had “reasonable confidence” that Russia tried to interfere in the 2019 election and state-sponsored actors were trying to disseminate illegally obtained leaked documents online.
Meanwhile, a British government spokeswoman insisted to Reuters that it had “very robust systems in place to protect the IT systems of officials and staff.”