Was Iran behind Parliament's email hack?


Who hacked Parliament? First the blame was laid at Russia's door, then the culprits were suggested to be amateur hackers who got lucky. Now, a secret intelligence assessment is pointing the finger at Iran, according to a report in the Times.

The report cites sources as saying the June hack, which compromised 90 accounts, including some 30 used by MPs, was run by the Iranian Revolutionary Guard.

But while the report suggested the hackers were "highly capable actors", sources told the newspaper that the attack wasn't particularly sophisticated, chucking traffic at email accounts in a brute force attack.

The sources suggested the hackers were testing their own abilities and left behind a "calling card" claiming the attack.

Of course, Iran isn't the first nation to be blamed for the attack, with Russia previously implicated.

If Iran was behind the incident, it would mark the first time the country is known to have directly attacked the British government, and comes at an awkward time as prime minister Theresa May attempts to defend a deal signed by former US president Obama and Iran on its nuclear programme.

The National Cyber Security Centre and National Crime Agency continue to investigate, and haven't blamed any individual or nation state as of yet.

06/07/2017: Was Parliament hacked by amateurs?

European government sources have stated that the cyber attack on the UK Parliament last month was likely to have been carried out by amateur or private hackers rather than state-sponsored attackers.

As reported by Reuters, cyber security experts found that the hackers managed to access accounts of lawmakers who were using primitive and easy to discover passwords. The experts added that it still remains unclear who did carry out the attack.

Investigators hope that this latest attack will convince politicians and other public figures to use more sophisticated passwords for their email and online activities.

British authorities are not commenting publicly on the progress of investigations but an official said after the attack that "cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states".

A number of security experts had speculated that the Russian government was behind the cyber attack on UK Parliament at the end of June, in which 90 MP accounts were breached. Security agents had thought that a foreign government was responsible for the attack rather than a criminal group.

The brute-force style attack attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service". Despite this, the breach highlighted the lack of stronger protection methods, such as two-factor authentication, on a network that holds government material.

26/06/2017: Russia suspected in cyber attack against UK Parliament

Security experts speculate that the Russian government was behind the cyber attack against the UK Parliament over the weekend, in which 90 email accounts belonging to MPs were breached.

An investigation has been launched following a "sustained" cyber-attack on Friday that led to the breach of around 90 email accounts, and while the identity of the attackers remains unknown, it's thought to have been state-sponsored.

"We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this on-going incident, working closely with the National Cyber Security Centre," read a Parliamentary statement issued on Saturday.

The attack targeted a network used by every Member of Parliament, including Theresa May and her cabinet. Remote access to the network has since been blocked as a precaution, according to the statement.

Security agents believe that a foreign government, rather than a criminal group, carried out the attack, and that only Russia, China, North Korea or Iran would have the capabilities and motivation to do so, according to sources speaking to the Guardian.


A Commons press office statement issued on Sunday revealed that fewer than 1% of the 9,000 accounts on the network were compromised. The on-going investigation has so far revealed a brute-force style attack that attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service".

Password strength aside, the breach highlights a lack of two-factor authentication on a network that holds government material. Ilia Kolochenko, CEO of web security firm High-Tech Bridge, believes the incident highlights significant shortfalls in government security, and that it is ignoring "cyber security fundamentals".

"Today, two-factor authentication (2FA), advanced IP filtering and anomalies detection systems are a must-have for critical systems accessible from the Internet," said Kolochenko. "Strict password policies, regular audits for weak and non-compliant passwords are also vital for corporate security. However, apparently, none of these simple but efficient security controls were properly implemented."

The attack followed the release of a report by the Times, which revealed that usernames and passwords of thousands of MPs, police employees and government staff were being traded online by Russian hackers.

The government has said it has informed those individuals whose email accounts have been compromised, and an investigation to determine what data has been lost is underway.