Info Gov

Login credentials belonging to staff at UK councils, the NHS, HMRC and other government bodies have been exposed as part of a large-scale cyber campaign attributed to Russian hackers.

According to a report in the Telegraph newspaper, a list of compromised accounts it had seen included credentials belonging to local government officials, the NHC and even IT staff at British embassies in Thailand and Mauritius.

It also reported that compromised credentials are being offered for sale on dark web forums for as much as $60,000 (£44,000) and said the breach also affected overseas Foreign Office staff, NHS organisations and other critical infrastructure.

Multiple industries - including government services - around the world fell victim to the attacks, according to an investigation by cyber security firm SOCRadar.

The National Cyber Security Centre (NCSC) has since warned organisations using Fortinet firewalls and VPN gateways to carry out checks on their devices and factory reset any devices they believe have been compromised.

Describing the attack, the national cyber watchdog said the programmes had been targeted as part of a global campaign, with some indications of potential impact in the UK.

It added: "A database of credentials has been leaked by a threat actor following brute-force, dictionary and credential stuffing attempts against internet-facing FortiGate and VPN portals.

"Credential stuffing is a method where attackers use passwords stolen from one web service to try to access accounts on other services, taking advantage of any reuse of username and password combinations."

The NCSC recommended UK organisations using Fortinet edge devices with SSL VPN enabled to investigate potentially malicious activity on the device and monitor their network for unusual activity.

It has set out a nine step-approach on its website: https://www.ncsc.gov.uk/news/advice-following-global-targeting-of-fortinet-firewalls-and-vpn-gateways.

Also in this section

Jul 16, 2026

Scattered Spider pair jailed over TfL hack

Two members of the Scattered Spider hacking collective have each been jailed for five and a half years at Woolwich Crown Court on 16 July over a 2024 cyber attack on Transport for London that compromised the personal data of millions of customers and cost the transport authority £39 million.
Jul 15, 2026

Government introduces mandatory data breach reporting protocol

The Cabinet Office has published a Model Action Plan setting out a single cross-government framework that all departments and arms-length bodies must follow when responding to significant personal data breaches, introducing mandatory central reporting of such incidents for the first time.
Jun 29, 2026

"Five eyes" warn on accelerating cyber security threat from AI

The National Cyber Security has called on organisational leaders to treat cyber resilience as a core business and governance responsibility rather than a technical matter in the light of a report by the Five Eyes intelligence alliance on the "fundamental" impact of AI on the speed and scale of cyber threats.
Jun 15, 2026

Government AI hackathons uncover 407 vulnerabilities across nine departments, including critical remote code execution flaw

A pilot programme using frontier AI models to scan public-sector code repositories has identified 407 security findings across nine government organisations, including a critical vulnerability that could have allowed an external attacker to execute arbitrary code on a key digital service, the Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC)…

InfoGov Masthead Newsletter 800