Labour MP ‘targeted by Russian phishing campaign’

Putin critic claims he received malware-loaded documents that claimed to reveal disinformation efforts

Hacker in front of a Russian flag

A prominent backbench Labour MP claims he was targeted by Russian state-sponsored hackers after his staff were hit with a phishing email during the general election campaign.

Ben Bradshaw, who is standing for re-election in Exeter, said his staff were sent a suspicious email from 'Andrei Ivanov' offering documents that revealed Russian disinformation efforts, according to Sky News

Some of these documents appeared to outline the existence of dedicated units in Russia that have been charged with influencing the views of Russian citizens, while other documents contained malware. The attachments were not opened by Bradshaw's staff.

The claims have emerged just a matter of weeks after the Labour Party was targeted by a 'large scale' distributed denial of service (DDoS) attack that temporarily shut down its online campaigning systems.

Bradshaw is known to be a vocal critic of the Russian president Vladimir Putin and has argued it's "highly probable" that Russia influenced the result of the 2016 EU referendum.

"While there is a great deal of hype about the numerous threats facing candidates and government officials, notably in the run-up to an election, the stark reality is that phishing is the most likely attack method that can result in devastating effects for a campaign," said co-founder and CTO of Cofense Aaron Higbee.

"Just ask John Podesta or the U.S. National Republican Congressional Committee (NRCC) who were both victims of pretty basic phishing attacks. It's not surprising that candidates and their respective teams are being targeted. In fact, they should expect it and prepare for it."

He added the vast majority of breaches are a result of successful phishing campaigns, and that these can be highly targeted and sophisticated in such a way that staff are duped into opening malicious attachments.

Phishing campaigns in 2019 are smoother, slicker and more sophisticated than they were known to be in the past, and advancements in social engineering techniques mean they can be more surgically targeted towards certain individuals. 

Related Resource

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

One highly convincing scam involved workers being fooled into thinking they had been left a voicemail message through Microsoft Office 365. The phishing emails linked victims to a sophisticated phishing site that resembled Microsoft's login screen and even contained audio files as attachments to appear genuine.

"Running drills with staff can show even the most inexperienced workers what a phishing attack might look like and how they should react and report it," Higbee continued. 

"Simply put, candidates should run their political campaign like an organization. Treat all your data as proprietary and take proper steps to secure not only the information, but the people behind the data."

A National Cyber Security Centre (NCSC) spokesperson told IT Prthat it was approached by Ben Bradshaw, and investigators are examining the information the NCSC has received.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021