Reform UK has alleged that Moscow-linked hostile state actors used “spear phishing” tactics to compromise the phone, email and bank accounts of the party’s leader, Nigel Farage, according to claims reported by The Mail on Sunday. The party said that “counter-espionage experts” who conducted a forensic analysis of Farage’s phone concluded that the attackers were “almost certainly linked to Moscow”. However, the identity of those experts and the specifics of their findings have not been publicly disclosed, and the claims have been met with significant scepticism from cybersecurity officials.
How spear phishing works and why it matters
Spear phishing is a highly targeted form of cyber attack in which criminals or state-sponsored actors use social engineering to trick a specific individual into handing over sensitive information. Unlike generic phishing emails sent to thousands of people, spear phishing messages are carefully crafted to impersonate a trusted source — such as a colleague, a bank or a government official — often using personal details gathered from public records or previous breaches. The goal is to persuade the victim to click a malicious link, open an infected attachment or reveal passwords and account details.
The use of such tactics by state actors is well documented. The UK has previously exposed Russian attempts to interfere in its political processes through cyber operations. The FSB, through groups such as Star Blizzard — also known as Callisto Group, SEABORGIUM or COLDRIVER — has been targeting British parliamentarians with spear-phishing attacks since at least 2015. That group was also linked to the hack and leak of UK-US trade documents ahead of the 2019 General Election. The implication for security is serious: a successful spear-phishing campaign against a senior political figure can give hostile actors access to communications, financial data and sensitive political strategy, potentially compromising both personal security and national interests.
The alleged attack on Farage is said to be linked to the disclosure of a £5 million donation made to him in 2024 by Thailand-based crypto-entrepreneur Christopher Harborne. Farage initially claimed the money was for personal security, then later said it was a “reward for campaigning for Brexit”. Questions have also been raised about the purchase of a £1.4 million house shortly after receiving the gift, with company accounts reportedly inconsistent with claims that the house was bought with funds from a reality TV appearance. Harborne, who has also donated £12 million to Reform UK over the past year and previously contributed to the Conservative Party under Boris Johnson, accompanied the former prime minister on a visit to Ukraine after the 2022 invasion. Defence Secretary John Healey has called on Farage to clarify whether any portion of the £5 million may have originated from transactions linked to Russian state-affiliated energy firms.
Labour Party chair Anna Turley reported the hacking allegations to the Metropolitan Police and the National Cyber Security Centre (NCSC) after Reform UK failed to provide proof that they had alerted the authorities, despite a 24-hour deadline set by Turley. She said the alleged crime has “potential wider implications for Britain’s national security”. The NCSC stated that it is “ready to support with any suspected cyber incident that is reported to us” and that “defending democracy is always our priority”, but the agency could not confirm whether Reform UK had made a report. It is understood the NCSC has not received a report directly from Farage.
Reform UK itself has offered only a vague response to questions about how it reported the incident, declining to specify which “relevant authorities” were contacted. The Parliamentary Standards Commissioner is also investigating Farage’s failure to declare the £5 million donation.
Ciaran Martin, the former head of the NCSC, has described the hacking allegations as “entirely unsubstantiated” and “without any merit”. He noted that Farage has yet to provide “a shred of evidence” and that such claims have “massive implications for British policy towards Russia”. Martin also questioned the technical leap required to attribute a hack to the Russian state based on analysis of a single device. The Guardian, which first reported the £5 million donation, dismissed suggestions that its reporting was based on a Russian hack as “absurd” and an “attempt to deflect attention from legitimate scrutiny of his financial affairs”.
The allegations were first reported by The Mail on Sunday, citing unnamed Reform UK sources and their so-called counter-espionage experts.
