NCSC Malicious Cyber Activity Alert

We have been asked by the National Cyber Security Centre (NCSC) to make all staff at the university aware that Star Blizzard, a group that has been identified using cyber operations to target high profile individuals and entities are almost certainly subordinate to Russia’s Federal Security Service (FSB). 

Who is the NCSC? 

tim kabel fcrydp8gohg unsplash

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents. 

Who is a high-profile target? 

Universities and academics, journalists, public sector organisations, NGO’s and UK Think Tanks. 

What is their aim? 

To interfere with UK politics and our democratic processes.  

What method of cyber attacks are they using?

The activity is typical of spear-phishing campaigns, where an actor targets a specific individual or group, using information known to be of interest to the targets. In a spear-phishing campaign, an actor perceives their target to have direct access to information of interest, be an access vector to another target, or both.

What should you do? 

Protect your accounts 

  • Use strong passwords 
  • Enable 2-step verification on your accounts (including your personal main email account) 
  • Review your social media use and settings 
  • Be cautious about using messaging apps like WhatsApp, Signal and Messenger for sensitive purposes and with your intellectual property.

Protect your devices 

  • Install updates promptly 
  • Download the University's free anti-virus software Sophos and run regular scans
  • Protect physical access to your devices 
  • Know how to erase data from your devices 
  • Use Lockdown Mode on your Apple devices (including your personal devices). This is an extreme protection method that’s designed for the very few individuals who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats. Please speak to your IT manager to discuss this if you believe you need to to enable it. 

What should I do if I think I’ve been targeted? 

If you receive a suspicious email or invites to groups, be very cautious about: 

  • clicking on any links or, 
  • replying to the email,  
  • until you're certain the sender is genuine 
  • Always report suspicious activity to us. You can do this by emailing:


Remember, exercise vigilance: Spear-phishing emails are tailored to avoid suspicion. You may recognise the sender’s name, but has the email come from an address that you recognise? Would you expect contact from this person’s email address rather than their corporate email address? If in doubt, don't click on any links inside the email and mark the email as junk.

Please report suspicious activity early. The university fosters a no-blame culture, and we would like you to report early so we act quickly to keep you safe. 

oxford secure logo orange


Stay up to date on threats by checking our Early Warning Service (EWS) (SSO)


Related Content