Russian Hackers Stole British Officials’ Logins and Accessed Foreign Office Emails in FortiBleed
Image: Khāṣ ʿan Miṣr

Russian Hackers Stole British Officials’ Logins and Accessed Foreign Office Emails in FortiBleed

05 July, 2026.Technology and Science.9 sources

Key Takeaways

  • Hackers stole login details and accessed British government email accounts.
  • GRU-linked APT28 suspected; some reports dispute state involvement.
  • DNS or router hijacking used to intercept credentials.

FortiBleed targets Whitehall

Russian hackers stole login details from British government officials and accessed their email accounts in an ongoing breach nicknamed "FortiBleed," according to The Telegraph.

Russian hackers steal log-ins from British officials - report The Telegraph reported Sunday that Russian hackers successfully stole login details and accessed the email accounts of British government officials

A NewsA News

The attack exploited a weakness in the security system and used previously stolen data to bypass barriers protecting critical infrastructure, the UK newspaper said.

Image from A News
A NewsA News

The Telegraph’s list of compromised accounts included Foreign Office staff posted overseas and local authority officials across Great Britain, with IT staff at British embassies in Thailand and Mauritius among those affected.

The compromised credentials were being offered for sale on dark web forums, and the credentials on sale included login details for the National Health Service (NHS), energy suppliers and key medicine suppliers across the country.

A separate report tied the same broader campaign to APT28, also known as Fancy Bear, and described DNS hijacking as the technique used to intercept credentials from senior UK government targets.

NCSC attribution and tactics

The cyberattack was attributed to APT28, linked to Russia's GRU military intelligence, and described as relying on DNS hijacking to redirect traffic and steal login credentials.

The UK’s National Cyber Security Centre first flagged APT28’s campaign on April 7, 2026, and said the group had been exploiting vulnerable internet routers to conduct DNS hijacking at scale.

Image from Crypto Briefing
Crypto BriefingCrypto Briefing

NCSC Director Paul Chichester highlighted the specific vulnerability of network edge devices and urged mitigations including firmware updates, strict access controls, and mandatory two-step verification.

The UK Defence Journal said the group compromised thousands of poorly secured home and small office routers, including devices made by MikroTik and TP-Link, and altered settings so victims’ web traffic passed through Kremlin-controlled infrastructure.

It also said that once traffic was flowing through their servers, hackers could redirect users to spoof versions of login pages and harvest passwords along with authentication tokens that keep users signed in.

NHS risk and broader fallout

The Telegraph warned that the breach could trigger a "catastrophic" NHS incident affecting patient safety, citing how NHS organisations, pharmacies, labs, and their suppliers depend on products and systems tied to the compromised credentials.

The hackers gained access to the email accounts of British government officials

DIE WELTDIE WELT

Dr Saif Abed said the hack was "exactly the type of hack that’s the first step for launching catastrophic ransomware attacks that can threaten patient safety across the country."

The Telegraph also reported that dark web forums were trading access to the logins for as much as $60,000 (£44,000), and that the breach compromised more than 80,000 firewalls provided by Fortinet.

In parallel, the UK Defence Journal said the FBI’s Operation Masquerade sent commands to compromised routers on American soil to evict the Russian presence and reset their settings.

The same reporting placed the campaign in a wider pattern of hostile-state cyber activity, noting that the NCSC head Richard Horne said in April that the most serious cyberattacks against the UK now come from hostile states including Russia, Iran and China.

More on Technology and Science