Russian hackers have compromised the email accounts and network credentials of UK government officials, including staff at the Foreign Office and local councils, in a significant cyber security breach. The incident, identified through exploitation of vulnerabilities in Fortinet firewall and VPN systems, affects approximately 80,000 accounts linked to critical government and public service infrastructure.
The attack, dubbed "FortiBleed" by security researchers, reportedly involved the reuse of leaked or previously stolen passwords to bypass security measures and gain unauthorized remote access to sensitive networks. Among the compromised accounts are those of Foreign Office employees stationed in Mauritius and Thailand, as well as council workers in Derbyshire and east London. The breach also extends to key institutions delivering vital public services, including the NHS, energy providers, and suppliers of medical products.
Cyber security experts have expressed concern over the potential consequences of the breach. Dr Saif Abed, a former NHS doctor turned cyber security specialist, warned that the attack could serve as a precursor to ransomware campaigns capable of disrupting healthcare provision across the country. He highlighted the interdependence of healthcare organisations, pharmacies, laboratories, and their suppliers on affected technology platforms, noting the risks such an intrusion poses to patient safety.
The incident remains active, with hackers reportedly leveraging valid credentials from previous data leaks to further infiltrate networks and harvest additional information. Analysis of the malware and attack code suggests it is written in Russian. Access to stolen login details is being traded on dark web forums for sums reaching up to £44,000 (approximately $60,000).
This breach follows previous high-profile cyber incidents, such as the 2024 attack on pathology service provider Synnovis, which led to the cancellation of over 1,000 operations and 2,000 appointments in NHS hospitals.
The UK's National Cyber Security Centre (NCSC) has issued alerts confirming a "brute force" campaign targeting Fortinet devices worldwide. It has advised organisations to conduct thorough security audits, isolate compromised systems, and reset default or reused passwords as per its guidance. While no direct evidence of state sponsorship has been established, intelligence officials have previously expressed concerns about links between Russian intelligence services and proxy hacking groups targeting British infrastructure.
Authorities continue to investigate the full scope of the breach. The Foreign Office was contacted for comment but had not responded at the time of reporting. Meanwhile, experts urge vigilance as efforts to contain the intrusion and prevent further damage are underway.
