A site that uploaded emails claimed to be from hacked accounts of several key figures in the pro-Brexit movement in the UK is linked to a group of Russian hackers, Google claims, based on an analysis technique carried out by its computer security researchers.
Called ‘Very English Coop d’Etat’, the site published personal emails attributed to former UK intelligence chief Richard Dearlove and pro-Brexit activists . These messages are presented as evidence of a plot hatched by the hard wing of the Brexit movement to remove former Prime Minister Theresa May, to replace her with Boris Johnson, during the negotiations on the exit of the Brexit. European Union.
According to the analysis carried out by computer security researchers from Google’s Threat Analysis Group, reputed to be among the best in the world, several technical elements make it possible to link this site to the group of hackers called “Cold River”. In recent months, this group has attempted to hack into email accounts used by “civil servants and soldiers, elected officials, employees of associations or think tanks, and journalists”, especially in Eastern Europe, noted Google in a previous report. The company claims that this group is in Russia, without directly linking it to any Russian intelligence or security service.
The address of ‘Very English State Coop’ was registered on April 19, three days after Boris Johnson was banned from entering Russian territory due to UK support for Ukraine, notes the Reuters agency. The site address contained the words “sneaky strawhead” (“deceitful straw head”), which seems to be a reference to the hairstyle of the current British Prime Minister.
Classic modus operandi of Russian destabilization operations
The modus operandi – hacking into email accounts whose content is then disseminated online – is reminiscent of that of previous operations attributed to Russian intelligence services, including the hacking of US Democratic Party emails in 2016 or the “MacronLeaks” in 2017. In the United Kingdom, confidential documents on the Brexit negotiations were also published online in 2019 after being hacked into the email account of the then Minister for Trade, in an operation attributed to Russia.
The emails released by “Very English State Coop” have not been formally identified, but former MI6 chief Richard Dearlove implied that they were likely largely genuine, believing, in a statement to Reuters, which they referred to “a lobbying operation [pro-Boris Johson] legitimate, presented in a distorted and hostile manner”.
Most of the e-mails could come from a single account, a personal mailbox of Mr. Dearlove. “It is not easy to write about disinformation operations without amplifying them and increasing their effects, writes Shane Huntleyfrom the Google Threat Analysis Group. But if we take a step back, we see that this campaign was quite clumsy. »