The UK Ambulance Service is the latest target of Russian hackers according to a recent report.
Like much of the NHS and other critical infrastructure service providers across the country, Russian FSB and GRU spies along with criminal proxies have been engaged in a coordinated campaign to infiltrate and reconnoiter large parts of the UK’s critical infrastructure services. This includes the Civil Service, the Ministry of Defence, and many of their contractors.
One of the objects of these cyber-attacks has been key suppliers to the UK Ambulance Service. Here individuals working on the Ambulance Radio Program have been targeted from multiple directions by hackers in a credentials-harvesting campaign to potentially crash the entire communications system. This would leave ambulance command centres unable to communicate with drivers and the police or fire services or prevent them from receiving vital location information.
The incident is believed to form part of a new Russian cyber warfare campaign dubbed by UK intelligence sources “Cyber Wagner”, in reference to the hardline Russian mercenary group run by the late Yevgeny Prigozhin.
“This is the new front in Russia’s aggression against the West,” a western intelligence source monitoring the activity reported “We need to prepare Western states for more aggression and hybrid warfare from Moscow.”
This week, MI5 director Ken McCallum announced that Russia is on a “sustained mission” to create “mayhem” across Britain and Europe. The UK's "leading role" in supporting Ukraine means "we loom large in the fevered imagination of Putin's regime" and further acts of aggression on UK soil should be expected, he warned.
This would not be the first time that critical UK systems have been besieged by cyber adversaries. Russian GRU agents have carried out "arson, sabotage and more dangerous actions conducted with increasing recklessness" since the UK backed Ukraine in its war with Russia, he added.
The revelations come just months after hackers behind a catastrophic NHS cyber-attack in the summer were identified to be part of a wider cyber army working under the Kremlin’s protection trying to destabilise the UK.
In June, healthcare services were disrupted across London after a major cyber-attack targeted Synnovis, a pathology testing organisation, severely affecting services. This led to the cancellation of 8,349 acute outpatient appointments and 1,608 elective procedures across much of South London at King’s College Hospital, and Guy’s and St Thomas’ NHS Foundation Trusts and their associated hospitals and clinics.
Qilin, which was held responsible for the assault, is merely one arm of the wider web of hacking affiliates, using servers based in Russia to carry out attacks on UK critical infrastructure. The hackers said the incident was in response to “unspecified wars”. The attack on the NHS was a “major escalation” of the Kremlin’s use of cyber warfare through use of criminal proxies.
As tensions continue to escalate, these attacks become less about opportunity for criminal profits and more about the desire to inflict damage to the critical infrastructure of another country. The fact that the Kremlin appears to be enlisting the support of criminal groups is not exactly a surprising development for many. It is widely acknowledged, that for many years, the Russian State has been providing safe harbour to Russian organised crime syndicate members accused of crimes in other countries by refusing arrest or extradition requests. So long as perpetrators direct their criminal business to organisations outside of the Russian Federation, they are allowed to operate with near impunity.
Although no definitive connection has been proven between the Russian State, criminal gangs, or the Russian Mafia, a close working arrangement has been evident for quite some time according to cybersecurity experts. Despite this, certain state and non-state actors within Russia appear to be intent, if not on the cusp of, launching a cyberwar with the UK, Europe and North America.
