Skydagger — skydagger.com

Russian Hackers Infiltrate UK Government Networks to Harvest Sensitive Credentials

Russian cyber actors have successfully infiltrated UK government networks, extracting official email credentials and offering unauthorized system access to dark web buyers for tens of thousands of dollars.

July 05, 2026 Ahmet Koçak


Russian hackers have breached U.K. government networks to steal official login credentials, establishing an active intelligence-gathering operation that is currently being monetized on the dark web.

The cyber campaign has compromised the email accounts of British diplomatic staff deployed overseas, as well as municipal officials within the U.S. ally's domestic administration.

Access data gathered from the infiltration is being traded on illicit digital forums for sums of up to $60,000, creating immediate pathways for deeper penetration into Whitehall departments.

Systemic Firewall Failures

Security researchers identified the operation, designated FortiBleed, after it compromised more than 80,000 firewalls manufactured by the cybersecurity vendor Fortinet.

The hostile actors bypassed defensive perimeters that safeguard critical national infrastructure by exploiting previously stolen datasets against newly discovered software vulnerabilities.

Leaked records demonstrate that compromised accounts include IT personnel at British embassies in Thailand and Mauritius, as well as local government administrators in Derbyshire and Waltham Forest.

Risks to National Infrastructure

The exposure of valid passwords enables any purchasing entity to gain network access, raising significant alarms about the operational continuity of essential services.

Independent analysts warn that the data cache contains entry points for the National Health Service (NHS), domestic energy corporations, and strategic pharmaceutical distributors.

Security specialists emphasize that credential theft of this magnitude often serves as the initial stage for devastating ransomware deployments capable of halting hospital operations.

Active Network Infiltration

A cybersecurity alert issued by the National Cyber Security Centre (NCSC) confirmed an ongoing brute-force assault exploiting Fortinet architecture, prompting mandates for immediate network audits.

The code behind the active exploit is written entirely in Russian, and an operative using the alias "SantaAd" manages the dark web auctions.

While direct state direction remains unproven, Western intelligence agencies previously noted that Moscow increasingly nurtures, inspires, and provides sanctuary to non-state cyber proxies targeting British assets.
