A site that uploaded emails claimed to be from hacked accounts of several key figures in the pro-Brexit movement in the UK is linked to a group of Russian hackers, Google claims, based on an analysis technique carried out by its computer security researchers.
Called “Very English Coop d’Etat”, the site published personal emails attributed to former head of British intelligence Richard Dearlove and pro-Brexit activists . These messages are presented as evidence of a plot hatched by the hard wing of the Brexit movement to remove former Prime Minister Theresa May, to replace her with Boris Johnson, during the negotiations on the exit of the Brexit. European Union.
According to the analysis carried out by computer security researchers from Google’s Threat Analysis Group, reputed to be among the best in the world, several technical elements link this site to the group of hackers called “Cold River”. In recent months, this group has attempted to hack into e-mail accounts used by “civil servants and soldiers, elected officials, employees of associations or think tanks, and journalists”, particularly in Eastern Europe, noted Google in a previous report. The company claims that this group is in Russia, without directly linking it to any Russian intelligence or security service.
The address of ‘Very English State Coop’ was registered on April 19, three days after Boris Johnson was banned from entering Russia over UK support for Ukraine, notes the Reuters agency. The site address contained the words “sneaky strawhead”, which appears to be a reference to the hairstyle of the current British Prime Minister.
Classic modus operandi of Russian destabilization operations
The modus operandi – hacking into email accounts whose content is then disseminated online – is reminiscent of previous operations attributed to Russian intelligence services, including the hacking of US Democratic Party emails in 2016 or the “MacronLeaks” in 2017. In the UK, confidential Brexit negotiation documents were also published online in 2019 after being hacked into the then trade minister’s email account in an operation attributed to Russia.
The emails released by “Very English Coop d’Etat” have not been formally identified, but former MI6 chief Richard Dearlove implied that they were likely largely genuine, believing, in a statement to Reuters that they referred to “a legitimate [pro-Boris Johnson] lobbying operation presented in a distorted and hostile manner”.
Most of the e-mails could come from a single account, a personal mailbox of Mr. Dearlove. “It’s not easy to write about disinformation operations without amplifying them and increasing their effects,” writes Shane Huntley of the Google Threat Analysis Group. But if we take a step back, we see that this campaign was quite clumsy. »