Fewer than 90 email accounts with weak passwords are believed to have been hacked in ‘sustained’ attack.
The Russian government is suspected of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers.
Although the investigation is at an early stage and the identity of those responsible may prove impossible to establish with absolute certainty, Moscow is deemed the most likely culprit.
The disclosure follows the release of the first details of the “sustained” cyber-attack that began on Friday. Fewer than 90 email accounts belonging to parliamentarians are believed to have been hacked, a parliamentary spokesman said.
Amid fears that the breach could lead to blackmail attempts, officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident.
The network affected is used by every MP including Theresa May, the prime minister, and her cabinet ministers for dealing with constituents.
The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers.
The number of states who might mount such an attack on the UK is limited, and, in addition to Russia, includes North Korea, China and Iran.
A security source said: “It was a brute force attack. It appears to have been state-sponsored.”
“The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor.”
MPs contacted by the Guardian said the immediate suspicion had fallen upon foreign governments such as Russia and North Korea, both of which have been accused of being behind hacking attempts in the UK before.