It was recently reported that the former UK Prime Minister, Liz Truss, was the victim of a compromised personal mobile phone in the summer of 2022, whilst she was the then Home Secretary.

Undisclosed sources have told British media outlets that the threat actors are “suspected foreign agents”.

The Mail on Sunday Newspaper (October 30) reported the compromise, citing unnamed security sources as the provider of the information. The source described that a years’ worth of personal messages was extracted from the minister’s phone by the unknown threat actor and that Russia was the suspected nation responsible.

In response to the report, the Kremlin’s official spokesperson, Dmitry Peskov, stated: “Unfortunately, there is a shortage of material in the British media that can be perceived as serious”. This has been accepted as a denial to the allegation.

Security researchers have been quick to try and explain how the compromise may have occurred and by which means. ESET global security have suggested that the notorious Pegasus spyware that was seen used in Downing Street devices in April 2022 may have been deployed.

On this previous occasion, its use was attributed to the United Arab Emirates, but with its high-level capabilities and low-level detections, it’s likely that other threat actors would be keen to utilise the clearly effective spyware.

Photographs of Truss have also been circulated, identifying how easy it is to identify the make and model of her personal phone, thus assisting threat actors when seeking tactics, techniques and procedures (TTPs) to use against the target.

The use of personal devices and services for work continue to create unnecessary risk and exposure to organisations as exhibited by Liz Truss and the many pictures of her using her mobile phone in full public view.

Also recently was the breach of ministerial code by Suella Braverman when, in her first stint as Home Secretary, she sent confidential government immigration documents via her personal email account.

These human errors of judgement will remain an attractive weak point for exposure by threat actors and Advanced Persistent Threat (APT) groups.

Organisations should highlight these issues as recent examples during regular staff training.

Staff Awareness Training is a service we offer, and also check out the new Cyber Path service in which we use highly trained students from a rich talent pool to deliver this training.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).