The UK, US and Australia sanctioned a senior Russia-based leader of LockBit, once one of the world’s most pernicious cybercrime gangs, which was responsible for 25% of ransomware attacks globally last year.
LockBit targeted thousands of victims over the years, including over 200 UK businesses, and orchestrated a malicious online campaign, illegally stealing and using sensitive data to extract billions of dollars from businesses and individuals.
Sanctions announced on May 7 were against Russian national Dmitry Khoroshev, who was identified as part of an ongoing international law enforcement investigation. Khoroshev thought he was beyond reproach, even offering $10 million to anyone who could reveal his identity.
Russian Intelligence Services also condemned
The United Kingdom also announced solidarity with the European Union, Germany, Czechia and other allies in condemning malicious cyber activity by Russian Intelligence Services.
Recent activity by Russian GRU cyber group APT28, including the targeting of the German Social Democratic Party executive, is the latest in a known pattern of behavior by the Russian Intelligence Services to undermine democratic processes across the globe. APT28 are capable cyber actors who have been active since at least 2004.
In December 2023, the UK exposed a series of attempts by the Russian Intelligence Services to target high-profile UK individuals and entities through cyber operations. At the same time, the UK Foreign, Commonwealth & Development Office sanctioned 2 Russian nationals responsible for political interference.
Also China
In April, the United Kingdom and global allies identified that Chinese state-affiliated organisations and individuals were responsible for 2 malicious cyber campaigns targeting democratic institutions and parliamentarians.
In one campaign, the UK’s National Cyber Security Centre (NCSC) assessed that the UK Electoral Commission systems were highly likely compromised by a Chinese state-affiliated entity between 2021 and 2022.
NCSC also assessed that the China state-affiliated Advanced Persistent Threat Group 31 (APT31) likely conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.
In an April response, the UK’s Foreign, Commonwealth and Development Office summoned the Chinese Ambassador to the UK, and sanctioned a front company and 2 individuals who are members of APT31. Concurrently, the United States designated the same persons and entity for malicious cyber activity.
No parliamentary accounts were successfully compromised.
Further reading
UK and allies sanction prolific cyber hacker. Press release. May 7, 2024. UK Foreign, Commonwealth & Development Office. National Crime Agency. National Cyber Security Centre.
UK joins partners in condemnation of malicious cyber activity by Russian Intelligence Services: UK Government statement. Press release. May 3, 2024. UK Foreign, Commonwealth & Development Office.
UK holds China state-affiliated organizations and individuals responsible for malicious cyber activity. Press release. April 3, 2024. UK Foreign, Commonwealth & Development Office. UK National Cyber Security Centre.
Why it matters
The UK’s National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) had assessed that LockBit was the leading ransomware threat to the UK and globally.
LockBit caused significant disruption to many UK organizations and services, having severe short- to medium-term impact on prominent services within the private sector. The organized crime group responsible for LockBit, as well as the affiliates using the malware, represented a significant threat to victims’ data due to their tactic of stealing data and publishing it on their darkweb data leaks site (DLS).
With multiple elections around the world in 2024, raising awareness of cyber threats to the UK and its international partners remains vitally important for their collective resilience.