Russian hackers target UK’s critical infrastructure

Russian hackers are actively looking to target Britain’s critical infrastructure, such as energy and water, with the goal to ‘disrupt or destroy’ it, a Cabinet Office minister has warned. Hacking groups from Russia have focused their attention on the UK in recent months, Oliver Dowden said in a speech.

The National Cyber Security Centre (NCSC) has said that the UK collectively is not doing enough to protect its national infrastructure from cyber threats. The NCSC will issue an official threat alert to the critical businesses that run the country’s energy and water supplies.

The government will set cyber resilience targets that operators will be required to meet within two years. Private-sector organisations involved in critical infrastructure protection will also be in scope.

A statement from the NCSC has also noted that ideologically motivated groups sympathetic to Russia’s invasion of Ukraine are less predictable, as they are driven by ideology rather than financial gain.

The hackers aim to cause maximum disruption through distributed denial-of-service (DDoS) attacks, which flood a system’s bandwidth or resources with a large number of packets. The other means of attack are altering websites and spreading misinformation. The groups will look for systems that are vulnerable and poorly protected.

The UK saw a relatively low level of activity in the months before this acceleration in the targeting of UK national assets. The ongoing war between Russia and Ukraine has meant that a significant amount of destructive and disruptive cyber attention has been directed at Ukraine.

When asked whether there had been targeted attempts, the CEO of the NCSC, Lindy Cameron, said: “we’re seeing some indication of that, but I wouldn’t want to go into further detail.”

ITC-TI analyst comment:
  • We strongly recommend ensuring that a vulnerability and patch management cycle is fully operational and conducted regularly, so that vulnerabilities are remediated before they are discovered by external scanning tools and actively exploited.
  • To prevent unauthorised access without validation and verification, we recommend that all user accounts, and where possible machine accounts, have multi-factor authentication configured.
  • To prevent supply chain attacks from hopping into the core business, ITC recommends that all third-party suppliers with access to the core business undergo an audit.
  • Ensure that a zero-trust architecture is followed, verifying user activity end to end and assuming breach in order to assess the scale of impact.
  • To mitigate DDoS attacks, review the bandwidth capacity of your datacentre and consider the value of using a CDN.
  • Segment devices by criticality to prevent mass disruption across all systems and minimise impact.
  • Implement a load balancer so that high volumes of traffic can be spread across different network paths rather than flooding a single path.
  • Ensure that conditional access policies are enabled to prevent unauthorised access to critical infrastructure.
