The head of the UK’s National Cyber Security Centre (NCSC) has confirmed that Russian-linked actors have launched attacks on critical infrastructure.
Ciaran Martin, the founding chief executive of the NCSC, said Russia has attempted to “undermine the international system” and sow discord through a range of cyber operations.
Speaking at the Times Tech Summit in London, Martin said: “I can’t get into precise details of intelligence matters, but I can confirm that Russian interference, seen by the National Cyber Security Centre over the past year, has included attacks on the UK media, telecommunications and energy sectors.”
The NCSC operates as a branch of GCHQ (Government Communications Headquarters), an organization known for intelligence expertise and a member of the Five Eyes alliance alongside Australia, Canada, New Zealand and the United States.
The agency reported links “from multiple UK IP addresses to infrastructure associated with advanced state‑sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.”
“NCSC believes that due to the use of widespread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised,” the centre warned.
Earlier reporting in September suggested a group with alleged ties to the Russian government was suspected of breaching parts of the US energy grid, raising concerns about the reach and impact of state‑linked cyber operations.
Influencing public opinion
At the same time, then‑Prime Minister Theresa May publicly accused Russia of interfering in elections and manipulating public opinion with fabricated stories and coordinated disinformation campaigns.
“I have a very simple message for Russia,” May said. “We know what you are doing. And you will not succeed. Because you underestimate the resilience of our democracies, the enduring attraction of free and open societies, and the commitment of western nations to the alliances that bind us.”
Those allegations coincided with ongoing investigations into Russian activity connected to the US presidential election. Social platforms such as Facebook and Twitter moved to suspend accounts used to run paid ads and organic posts designed to inflame divisions.
One notable example was the Twitter account @SouthLoneStar, later linked to the Internet Research Agency—a so‑called “troll factory” based in St. Petersburg. The account posed as a “proud TEXAN and AMERICAN patriot” and frequently posted pro‑Trump messages. It helped amplify a false image after the Westminster attack that supposedly showed a Muslim woman ignoring injured victims; the image’s portrayal was later disproved.
The photograph was picked up by several media outlets, and the account highlighted press coverage as evidence of a successful disinformation campaign. Twitter shut down @SouthLoneStar in mid‑2017, and the platform later provided Congress with a list of roughly 2,700 accounts suspected of being operated by the Internet Research Agency.
These incidents underscore how the nature of conflict has evolved beyond conventional military confrontation. Cyber operations and information warfare now pose strategic risks to democracies, infrastructure and public trust, making cybersecurity as vital as territorial defense.
Update 16/11: Shortly after this article was first published, investigative group Bellingcat uncovered additional examples of Russian use of Twitter for disinformation—this time involving a post from an official account of the Russian Ministry of Defence.
The account shared an image that purported to offer “irrefutable” proof of US collusion with ISIS; the image turned out to be a screenshot from a mobile game. Bellingcat’s founder, Eliot Higgins, observed the irony of the ministry echoing accusations it had previously levelled against the US while itself posting a fabricated image.
The image was subsequently deleted, but not before it was shared and initially reported as fact by other Russian outlets.
What are your thoughts on the Russian hacking allegations? Let us know in the comments.