Russian Influence

For Sale on the Dark Web: Russian Hackers Offers Stolen UK Government Logins

Nexus Europa Newsroom
Posted July 6, 2026 · 18 views

Credentials for Foreign Office and council staff being offered for more than £40,000

covhack.pngRussian hackers gained access to the credentials of UK government employees, including staff of the Foreign Office and British diplomatic missions abroad .

According to the publication, the cyberattack, which researchers named FortiBleed, was carried out through a vulnerability in Fortinet cybersecurity systems,  reported The Telegraph.

Cybersecurity researcher Volodymyr Dyachenko, who discovered the breach, stated that the attackers may have gained access to key networks of the Ministry of Foreign Affairs, and that the scale of the attack potentially poses a threat to other government agencies as well.

Suspicions  Point to  Russia

Although there is no direct evidence of Russian state involvement in the attack, The Telegraph notes that the source code of the hacking tools is written in Russian, and British intelligence services have previously repeatedly warned of close ties between Russian intelligence agencies and hacker groups operating from the territory of the Russian Federation.

How this threatens national security

Over 80,000 firewalls were compromised, allowing the attackers to gain access to sensitive government systems.

Among the stolen accounts are data from employees of the UK Foreign Office, IT specialists from British embassies in Thailand and Mauritius, as well as local government workers.

huk1.jfifThe logins and passwords could be used to infiltrate the internal systems of British state institutions.

What are the risks

Among the stolen credentials are access to systems of the National Health Service (NHS), energy companies, and pharmaceutical suppliers. Experts warn that such data could be used for large-scale ransomware attacks.

929de030-0027-11f0-a8b1-950887ddc6e5.jpgIn 2024, following a cyberattack on the Synnovis laboratory—which was also linked to Russian hackers—the United Kingdom had to cancel more than 1,000 surgeries and about 2,000 medical appointments.

The UK National Cyber Security Centre (NCSC) confirmed the brute force attack and urged organizations using Fortinet equipment to immediately check their networks, change passwords, and isolate compromised devices.

In October last year, the UK Ministry of Defense investigared a massive cyberattack linked to the Russian hacking group Lynx.

2024-09-05-uk-ministry-defence-2151915583.webpThe attackers accessed the network through Dodd Group, a contractor servicing military facilities.

As a result, hackers obtained secret documents, internal correspondence, and personal data of about 272,000 service members and veterans, including their banking details.

Cyberattacks as part of Russian aggression

Against the backdrop of more than 150 incidents of sabotage, cyberattacks, and influence operations linked to Russia across Europe since 2022 , Atlantic Council reported.

The attacks are aimed at NATO structures and countries that support Ukraine.

Belarusag.jpgThe incident also points to a shift in Russian tactics. Operations are increasingly directed at operational technology controlling physical functions, raising the potential for real-world disruption, particularly in the energy sector, where even limited interference can generate disproportionate societal effects.

This has accelerated a policy shift. The broader conclusion is that such attacks form part of the same strategic continuum as Russia’s war against Ukraine, with Moscow probing how far it can go below the threshold of open conflict.

December 2025, Poland

Poland saw one of the most serious operations against Polish critical infrastructure in years, along with related “hybrid” pressure activities. Taking place on December 29-30, this coordinated cyberattack against the Polish power grid targeted wind and solar farms, combined heat and power plants, as well as industrial systems such as IT and operational technology.

It did not trigger a nationwide blackout, but critical control systems were disrupted, some industrial equipment was damaged beyond repair, and communication between energy assets and operators was degraded.

In 2022,  the first year of Russian President Putin’s open aggression against Ukraine, Poland saw cyberattacks increase by over 300 percent. The December attack fits Russia’s “below threshold” warfare model against NATO members, which is designed not to trigger an Article 5 response, Aaron Kurewa, AC Warsaw Office Director  emphasized.

EC_Siekierki-1231.jpg.webpIt was also timed during the winter holidays, obviously to maximize pressure. What makes it stand out is that it represents a shift toward integrated cyber and physical attacks.

The attack was detected and stopped before any blackouts could occur. Russia was publicly called out with Polish officials officially blaming “groups directly linked to Russian services.”

Finally,  the government accelerated work on the new National Cybersecurity System Act. Viewing itself as a frontline state under pressure, Poland prioritizes speed, resilience, and signaling.

Sweden, April 2026

Russia’s methods have shifted, Swedish Civil Defense Minister Carl-Oskar Bohlin said in April,2026.“Pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe.”, the Minister stated.

sweden-securityconference.webpBohlin announced that the Swedish government has concluded that a 2025 cyberattack on a heating plant in western Sweden was carried out by a pro-Russian group with links to Russian security and intelligence services.

Bohlin went on to compare this attack to a December 2025 attack on Poland’s power grid, as well as in Norway and Denmark.

Cyber intrusions against Swedish targets are not new, but for the first time, Swedish authorities have openly attributed such activity to actors linked to Russian security and intelligence services, connecting it to an attempted intrusion into critical infrastructure on Swedish territory.

June 2026, Ukraine

The US Federal Bureau of Investigation (FBI) and  Ukraine’s Security Service (SBU) said they uncovered a coordinated Russian cyber campaign targeting the messaging accounts of officials, military personnel, politicians, and activists in Ukraine, Europe, and the US. The agencies warned that Russian hackers are also attempting to compromise the personal accounts of ordinary Ukrainians.

630_360_1634664278-801.jpgAccording to the SBU, Russian operatives are using various phishing techniques to steal login credentials and compromise accounts.

Cybersecurity  and  geopolitical volatility

The way sectors across the EU approach cybersecurity nowadays is also increasingly influenced by geopolitical volatility.

Indeed, in the interconnected environment sectors operating nowadays, geopolitical risk factors including sanctions, export controls, regional instabilities etc. have  been seen to have a real impact on cybersecurity, European Union Agency for Cybersecurity stated.

This may take the form of increased exposure to geopolitically motivated attacks with organisations often being caught in the crossfire of nation-state conflicts.

But it may also take the form of more pro-active efforts to reduce exposure to geopolitical volatility by looking into areas such as minimising concentration and dependency risks, data and digital sovereignty etc.

Sources: The Telegtaph, Atlantic Coucil, Europian Union Agency for Cybersecurity