Summary: MPs in the UK have been targeted in a spear-phishing attack, potentially compromising parliament’s security.
Threat Actor: Unknown | Unknown
Victim: UK Parliament | UK Parliament
Key Point :
- A police investigation has been launched after MPs received unsolicited messages, potentially indicating a spear-phishing attack.
- Twelve individuals, including MPs, political journalists, and party staff, have reported receiving suspicious WhatsApp messages.
- The attack may have been ongoing for at least 14 months.
- Senior political figures have suggested that a foreign state could be behind the attack.
- Parliamentary authorities are working with the government to analyze the messages and understand their origin.
- The incident highlights potential security weaknesses in an election year.
A police investigation has been launched after MPs were apparently targeted in a “spear-phishing” attack, in what security experts believe could be an attempt to compromise parliament.
A police force said it had started an inquiry after receiving a complaint from an MP who was sent a number of unsolicited messages last month.
Twelve people working in Westminster, including a serving government minister, told Politico they had received unsolicited WhatsApp messages from two suspicious mobile numbers in the past six months.
The Guardian spoke to a 13th person who was targeted in the exact same way by a WhatsApp user calling themselves “Abigail” or “Abi”.
Politico reported that the 12 targets it had confirmed so far included three MPs, two political journalists, a broadcaster, four party staff, a former Tory MP, and an all-party parliamentary group manager. The targets include members of the Conservative and Labour parties.
A former government special adviser received the first message on 23 January 2023, suggesting the phishing operation has been under way for at least 14 months. He received a message from an unknown number in the evening that said: “Long time no speak [eyes emoji], how’re you?”
Senior political figures, including Alicia Kearns, the chair of the foreign affairs committee, and Iain Duncan Smith, the former Conservative leader, have suggested that a foreign state should be considered a potential culprit for what is being described as a “honeytrap” type attack.
Until police got involved, the lead had been taken by parliamentary authorities, who said they were encouraging anyone with concerns to contact the parliamentary security department, and that security advice had been sent to MPs and staff.
A parliamentary spokesperson said: “Parliament takes security extremely seriously and works closely with government in response to such incidents. We provide members and staff with tailored advice, making them aware of security risks and how to manage their digital safety.”
Sources said parliamentary authorities were working with the government to “analyse and understand the nature of the messages” but they that it would be premature to speculate on their origin.
Ciaran Martin, a former head of the National Cyber Security Centre, said: “It’s the sort of thing hostile nation states do, but unlike sophisticated cyber-attacks it doesn’t need nation state capabilities.
“So, absent any specific evidence, there’s no basis to suspect any particular country. It could be anything from a hostile state to a bunch of jokers. The safeguards against are (a) not placing lots of unnecessary professional information in the public domain and (b) using common sense. If you can’t remember someone who claims to know you well, maybe it’s because you don’t know them.”
Others suggested the government’s Defending Democracy Taskforce – which has overall responsibility for coordinating electoral security and drives the government’s election preparedness – should get involved, and that the incident again highlighted security weaknesses in a potential election year.
Sophia Gaston, from the Policy Exchange thinktank, said: “So many of the recent high-profile cases of espionage have involved efforts to infiltrate the wider Westminster ecosystem, often via new forms of communication like WhatsApp, which are much harder for the security services to monitor and intercept than systems like email.
“The Defending Democracy Taskforce is one of the most important instruments government has to operationalise a whole-of-society resilience agenda, and it’s vital it is properly resourced to be able to respond to the changing landscape.
“There are obvious concerns in an election year, in which hundreds of new MPs and inexperienced staffers will enter parliament, that we don’t have the right arsenal in place to manage the full suite of risks to our national security.”
“An interesting youtube video that may be related to the article above”