World
Russian Hackers Breach British Officials' Email Accounts in Major Cyberattack
Russian hackers infiltrated email accounts of British government officials and Foreign Office staff, exploiting Fortinet firewall vulnerabilities to access sensitive systems.

Russian hackers have compromised email accounts belonging to British government officials and employees of the Foreign Office abroad in a significant national cybersecurity breach.
This sophisticated and ongoing attack, identified by researchers as FortiBleed, involved the theft of login credentials from government staff, enabling unauthorized access to sensitive systems and posing a risk of further infiltration across Whitehall departments.
Scope of the Cyberattack and Affected Systems
According to The Telegraph, the breach affected over 80,000 firewalls supplied by Fortinet, a cybersecurity company. The attackers exploited a security vulnerability within these systems and used previously stolen credentials to bypass security measures protecting critical UK national infrastructure.
A leaked list of compromised accounts, reviewed by the newspaper, revealed that credentials of Foreign Office employees overseas and local government officials throughout the United Kingdom were exposed.
Details of the Breach and Its Implications
The breach included access to email messages and matching passwords, granting hackers—and potentially anyone willing to pay them—entry into sensitive British government systems. Login credentials are reportedly being sold on dark web forums for up to $60,000 (44,000 pounds sterling).
Compromised accounts include those of IT staff at British embassies in Thailand and Mauritius, as well as employees in Derbyshire and Waltham Forest in East London.
The breach could lead to a "catastrophic" incident within the National Health Service (NHS). Credentials for numerous organizations providing vital services and national infrastructure, including the NHS, energy providers, and major pharmaceutical suppliers across the country, were among those offered for sale.
Healthcare providers are considered high-value targets by adversaries because attacks on their IT systems can rapidly disrupt daily hospital operations.
Previous Russian-Linked Cyberattacks on UK Health Services
In June 2024, cyber attackers believed to be supported by Russia infiltrated IT systems managed by pathology services company Synnovis, resulting in the cancellation of over 1,000 procedures and 2,000 appointments.
Reports indicate that the hackers are using valid credentials obtained from earlier leaks to convert compromised devices into data collection hubs.
Expert Analysis and Response
Cybersecurity researcher Volodymyr Dyachenko stated that the breach provided access to "core networks" within the Foreign Office and could affect other government departments. The core malware code analyzed by the newspaper was written in Russian.
One user operating under the name "SantaAd" is currently offering the stolen credentials on dark web forums. A Telegram account suspected to be linked to the hacker did not respond to requests for comment.
The National Cyber Security Centre (NCSC) issued an urgent alert confirming a "password guessing" attack on Fortinet systems. Organizations were advised to review their networks and immediately isolate any compromised devices.
Attribution and Government Warnings
There is no evidence directly implicating a state in the breach; however, hackers operating from Russia are regarded as effective instruments for causing global disruption, with the Kremlin reportedly tolerating their actions.
In May 2024, the director of the UK Government Communications Headquarters (GCHQ) warned that Russia increasingly directs hackers to target British interests.
Hackers benefit from a mutually beneficial relationship with the Russian state, enjoying safe haven within Russia while conducting cyberattacks, provided they do not cross Moscow’s red lines or provoke major diplomatic incidents.
According to guidelines posted on the NCSC website, organizations using Fortinet VPNs and firewalls should change all default or reused passwords.
Latest news
World Cup 2026Jude Bellingham’s Impact Secures England’s Historic Win in Mexico
FootballDavid Beckham Reunites with Diego Simeone in Miami During World Cup
FootballRanking Manchester United’s Midfield Targets After Transfer Setbacks
World Cup 2026
