top of page
< Back

Russian-Linked Hackers Compromise UK Government and NHS Credentials

Hackers have infiltrated the email accounts of UK government officials and overseas Foreign Office staff in an ongoing campaign known as "FortiBleed." This operation has compromised more than 80,000 Fortinet firewalls by exploiting a vulnerability that bypasses security perimeters. Exposed credentials include those of IT staff at British embassies in Thailand and Mauritius, as well as local government employees in Derbyshire and Waltham Forest. The compromised data, currently being traded on dark web forums for up to £44,000, also provides access to NHS systems, energy providers, and medicine suppliers. Cybersecurity experts have warned that the breach could result in a "catastrophic" incident affecting patient safety, drawing parallels to the 2024 Synnovis cyberattack.

Although there is no evidence directly linking the campaign to the Russian state, the incident is consistent with a broader pattern of cyber activity originating from Russian territory. In 2024, GCHQ warned of increasingly close links between Russian intelligence services and proxy hacker groups, assessing that Moscow is actively nurturing and directing non-state actors against Western targets. This relationship provides the Kremlin with plausible deniability while enabling the pursuit of strategic objectives through proxy networks. The simultaneous targeting of healthcare, energy suppliers, and diplomatic accounts indicates an operation intended to cause widespread disruption, increasing pressure on government and industry while testing the threshold at which persistent cyber activity may prompt a more robust policy or operational response.

bottom of page