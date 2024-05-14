



Russia is increasingly trying to encourage and direct hackers to attack Britain and other Western targets, the GCHQ director said in his first keynote speech as head of the British intelligence agency.

Anne Kist-Butler said her agency is increasingly concerned about growing links between Russian intelligence and proxy hacker groups that have long taken advantage of a permissive environment in Russia.

Previously, Russia simply created the right environment for these groups to operate, but now it is nurturing and inspiring these non-state cyber actors, she said in a speech at the Cyber ​​UK conference, describing them as a pervasive threat globally.

The spy chief, who became the first woman to hold the position last year, cited the threat of ransomware as the most serious and prevalent cyber threat, with cybercriminals, typically from Russia, taking control of companies' data and systems and demanding significant sums of money to get them back. Entrance.

Keast-Butler said GCHQ was doing everything it could to counter ransomware attackers, which had hampered their ability to attack systems across government and businesses, as well as their ability to generate information that would hold those involved in ransomware accountable. She added that cybercriminals have nowhere to hide.

A week ago, the UK's National Crime Agency announced that it had uncovered the identity of Russian national Dmitry Koroshev, the administrator of the LockBit ransomware group. Hacking tools from the LockBit ransomware group were used to carry out more than 7,000 attacks in the US, UK, and France between June 2022 and February 2024. , Germany, China and other regions.

GCHQ's public internet security arm, the National Cyber ​​Security Center (NCSC), along with three underwriters, published guidance on Tuesday aimed at dissuading companies from paying ransoms that fund Russian and other hackers.

Paying a ransom to cybercriminals is generally not illegal unless the hackers are designated as terrorist organizations.

Money in the form of cryptocurrency is often quietly paid out by businesses, and sometimes even by insurance, to resolve attacks more quickly.

Felicity Oswald, NCSC's interim CEO, spoke after Keast-Butler and said it was a dangerous misconception that paying the ransom guaranteed the end of the case.

Paying off a cyber attacker is like leaving a bag full of used bills in a dark alley, she said.

The GCHQ chief also spoke about China, but did not directly address recent accusations that China was behind an attack on an outsourced pay system for 270,000 troops run on behalf of the Ministry of Defence.

Keast-Butler said that while China is not a threat to the UK, it is actually increasing cyber risks, and the activities of Chinese hackers mean the UK poses a serious risk to international norms and values.

The GCHQ boss said that, like Russia, Beijing has built advanced cyber capabilities and is seeking to leverage its growing commercial ecosystem of hacking equipment to enter systems and steal data. In March, ministers accused Chinese hackers of compromising the Electoral Commission, Britain's election watchdog, in a hack that took place in 2021 or 2022.

Keast-Butler echoed comments from the head of MI6's foreign intelligence service in 2021, who said we were now investing more resources into China than any other single mission, and that China poses a long-term challenge while Russia is seen as an immediate threat. explained.

