RUSSIAN hackers have stolen UK government logins to sell them on the dark web in a major “brute force” national security breach.
The cyber crooks harvested troves of sensitive data from the accounts of Whitehall employees as part of a sophisticated and ongoing attack dubbed FortiBleed.
Its nickname comes after more than 80,000 firewalls provided by cyber security company Fortinet were breached, with fears the .
They targeted a vulnerability in the system, using previously stolen data to skirt around security measures guarding some of Britain’s most critical national infrastructure.
Dark web forums are now reportedly trading the government logins for up to $60,000 (£44,000).
Exposed accounts come from both overseas Foreign Office employees and local government staff, according to a list seen by The Telegraph.
Among the victims are IT workers at British embassies in Thailand and Mauritius, as well as staff in Derbyshire and Waltham Forest, east London, the outlet said.
The stolen credentials reportedly include email addresses and matching passwords, raising fears that hackers could gain access to sensitive government systems.
Experts warned the breach could have implications far beyond Whitehall, with logins linked to healthcare, and other critical services.
Dr Saif Abed, a former doctor and cyber security expert, said the attack could be the first stage of a much larger operation.
He told The Telegraph: “NHS organisations, pharmacies, labs, and their suppliers are highly dependent on products like those compromised by FortiBleed.
“This is exactly the type of hack that’s the first step for launching catastrophic ransomware attacks that can threaten patient safety across the country.”
Hostile actors are known to target healthcare suppliers as a way to impact hospital operations.
It comes after and posted them on the dark web.
The “catastrophic” security breach compromised eight RAF and Royal Navy bases as well as emails and names of Ministry of Defence staff, as reported in The Mail on Sunday.
The latest FortiBleed attack was uncovered by cyber security researcher Volodymyr Diachenko, who said hackers were using credentials obtained in previous leaks to steal more data from compromised systems.
He warned the breach had the potential to reach “core networks” within the Foreign Office and could spread to other government departments.
The National Cyber Security Centre has issued an urgent alert, confirming a “brute force” attack targeting Fortinet systems.
It has urgently advised organisations to review their networks and isolate any compromised devices.
Researchers said code linked to the operation was written in Russian, while an individual using the online alias “SantaAd” is allegedly advertising access to the stolen credentials on dark web forums.
While there is no evidence was directly involved, security officials have warned that the turns a blind eye to cyber criminals causing global disruption.
The director of GCHQ, the UK’s communications intelligence agency, warned in May 2024 that Russia was increasingly directing hackers to British targets.
Anne Keast-Butler said that GCHQ was “increasingly concerned about growing links” between Russian intelligence and proxy hacker groups.
She said: “Before, Russia simply created the right environments for these groups to operate, but now they’re nurturing and inspiring these non-state cyber actors.”
Intelligence sources have warned that to harvest personal information.
Once a weak router has been compromised, internet traffic is then redirected to malicious servers under the hackers’ control.
The National Cyber Security Centre, part of , warned that has the ability to intercept traffic and harvest log-in credentials, including passwords.
The type of attack directs users to sites that look familiar but are actually designed to steal sensitive information.
The NCSC says the attacks are likely opportunistic, with Russian tyrant casting a wide net before narrowing down on targets of interest.
It has published advice on its website detailing how to combat the threat.
Director of operations Paul Chichester said: “This activity demonstrates how exploited vulnerabilities in widely used network devices can be leveraged by sophisticated hostile actors.
“We strongly encourage organisations and network defenders to familiarise themselves with the techniques described in the advisory and to follow the mitigation advice.
“The NCSC will continue to expose Russian malicious cyber activity and provide practical guidance to help protect UK networks.”



