An advanced cyber operation has targeted the email accounts of British government officials and Foreign Office employees, heightening alarm over national security and the protection of critical infrastructure in the United Kingdom.
Dubbed FortiBleed by cybersecurity researchers, the attack exploited a vulnerability in security devices made by Fortinet, compromising more than 80,000 firewalls. To gain access to sensitive government systems, the attackers used credentials stolen earlier.
Të lidhura
None found
According to reports, the email addresses and passwords of Foreign Office staff have been exposed, including employees at British embassies in Thailand and Mauritius, as well as local government officials in Derbyshire and Waltham Forest.
These stolen credentials are being offered for sale on illegal online forums, with prices reaching as high as $60,000, or around £44,000.
Among the affected institutions are also bodies that provide critical services, including the NHS, energy companies and major pharmaceutical suppliers. Experts stress that the use of this data could pave the way for further ransomware attacks, with serious consequences for the functioning of public services and patient safety.
Dr Saif Abed, a cybersecurity expert, said that healthcare organisations rely heavily on the devices affected by this attack and that the situation could lead to serious cyber incidents, similar to the attack on Synnovis in 2024, which resulted in the cancellation of thousands of operations and medical appointments.
The attack was first uncovered by cybersecurity researcher Volodymyr Diachenko, who said the access secured by the attackers could affect key Foreign Office networks and possibly other government departments as well. According to an analysis published by The Telegraph, the code used in this operation was written in Russian, while a user under the pseudonym “SantaAd” is selling access to the stolen credentials on dark web forums.
The National Cyber Security Centre (NCSC) has confirmed that an attack using the method known as “brute force” is under way against Fortinet devices, and has urged organisations to check their networks, isolate compromised devices and change passwords immediately.
Although there is so far no evidence directly linking the Russian state to the attack, British authorities have repeatedly expressed concern over the growing closeness between Russian intelligence services and hacker groups. In 2024, GCHQ chief Anne Keast-Butler warned that Russia was increasingly backing these groups to strike British targets.
The British Foreign Office and the National Health Service (NHS) have not yet commented on the incident.
