Category
World

Russian Hackers Breach UK Government Data, Trading It for Up to $60,000 on the Dark Web

3 min read
Google logo Prefer U24 Media on Google
Authors
A person works on his computer in front of binary digits. (Source: Getty Images)
A person works on his computer in front of binary digits. (Source: Getty Images)

Russian hackers have infiltrated the email accounts of United Kingdom government officials and overseas Foreign Office staff in a major national security breach, according to a report by The Telegraph on July 5.

The sophisticated cyber assault, nicknamed “FortiBleed” by researchers, compromised more than 80,000 firewalls manufactured by cybersecurity firm Fortinet. The Telegraph reported that attackers exploited an internal system vulnerability, utilizing previously stolen data to bypass security perimeters designed to shield some of the UK’s most critical national infrastructure and expose emails alongside coinciding passwords.

We bring you stories from the ground. Your support keeps our team in the field.

DONATE NOW

The theft of valid credentials allows unauthorized users potential entry into core governmental servers. Currently, a cyber actor operating under the handle “SantaAd” is actively offering access to these compromised logins on dark web forums for up to £44,000 ($60,000), The Telegraph wrote.

Confirmed breaches include the IT department accounts at British embassies in Thailand and Mauritius, alongside municipal administration staff in Derbyshire and Waltham Forest, East London.

The exposed data contains access parameters for entities managing critical supplies and public safety networks, including National Health Service (NHS) hubs, domestic energy grid providers, and major national distributors of pharmaceutical medicines. Cybersecurity experts warned The Telegraph that the mass data exposure could pave the way for severe attacks threatening patient safety across the UK.

Dr. Saif Abed explained to the publication that NHS organizations, pharmacies, labs, and their suppliers are highly dependent on the compromised products, noting that this hack mirrors a June 2024 incident where Russian-backed actors disrupted the IT systems of pathology supplier Synnovis.

“NHS organisations, pharmacies, labs, and their suppliers are highly dependent on products like those compromised by FortiBleed,” Dr. Abed stated. “This is exactly the type of hack that’s the first step for launching catastrophic ransomware attacks that can threaten patient safety across the country.”

Cybersecurity researcher Volodymyr Diachenko initially detected the breach, and an analysis of the underlying code by The Telegraph revealed it was written in Russian. Diachenko warned that the network infiltration remains active, with hackers converting compromised firewall systems into localized collection hubs to harvest further data from within the UK civil service, according to The Telegraph.

In response, the National Cyber Security Centre (NCSC) issued an urgent operational alert confirming a mass “brute force” targeting of Fortinet architectures, instructing all public and private defense organizations to conduct immediate network audits and completely isolate any compromised digital hardware.

While investigators have found no direct evidence of formal Russian state involvement, The Telegraph highlighted warnings from GCHQ Director Anne Keast-Butler regarding the tightening ties between Russian intelligence services and proxy cyber actors, noting that Russia is increasingly looking to direct hackers toward British targets.

“Before, Russia simply created the right environments for these groups to operate, but now they’re nurturing and inspiring these non-state cyber actors,” Keast-Butler emphasized. Proxy groups are granted state protection from foreign prosecution as long as their disruptive global operations do not cross Moscow’s domestic red lines or cause too much diplomatic uproar, The Telegraph reported.

The exploitation of British digital networks matches an established pattern of adversarial Russian cyber activity across the country. Russian hackers were recently responsible for a major cyberattack on automaker Jaguar Land Rover, with the August 2025 hack causing an estimated $2.5 billion in economic damage to the United Kingdom after halting global production lines.

According to reports, because no ransom was ever demanded, the incident appeared to be a strategic effort to disrupt Western corporate infrastructure rather than a standard extortion scheme.

Truth is Under Attack
Logo
Truth is Under Attack
We report the war as it unfolds directly from the people and places most affected by it. Your support helps us bring these stories to the world.
See all

The war hasn't stopped

Neither has our reporting. Three years from the frontlines—your contributions keep our journalists on the stories that matter.