Candidates in the general election have been asked to look through their emails for signs that they have been targeted by a phishing attack.
The list of potential targets includes recent MPs.
The National Cyber Security Centre (NCSC), which is part of GCHQ, disclosed the request in a document released early on 16 May.
The BBC understands that the number of victims is currently understood to be in single figures.
Candidates have been asked to look for suspicious emails received after Jan 2017.
The NCSC declined to say if any data had been taken.
A report in the Financial Times said it was “likely” that the phishing campaign had been orchestrated by a state.
In a document titled Phishing: guidance for political parties and their staff, the centre says it has “become aware of phishing attacks to gain access to the online accounts of individuals that were MPs before dissolution of Parliament” and “other staff who work in political parties”.
The NCSC said the attacks were likely to continue “and may be sent to parliamentary email addresses, prospective parliamentary candidates, and party staff”.
‘Personal emails targeted’
The BBC understands that so far victims’ personal emails have been affected but no successful phishing attempts have been made via parliamentary email addresses.
It is believed that the NCSC has contacted the Electoral Commission about the threat and that the commission will help to alert candidates.
The centre said that potential victims should look out for “unexpected requests to reset your password for online or social media accounts (such as Apple, Google, Microsoft, Facebook or Twitter)”.
“Or you might have been asked to approve changes to your account that you’ve not requested.”
The NCSC did not say whether it knew who was behind the phishing campaign.