Britain and Australia accuse Russian military intelligence GRU of global cyberattacks
Russian military intelligence accused of cyberattacks targeting political institutions, businesses, media and sport bodies around the world
Britain and Australia on Thursday accused Russian military intelligence of conducting a campaign of cyberattacks targeting political institutions, businesses, media and sport bodies around the world, while the US has indicted seven Russian agents it said were involved in a global hacking conspiracy.
At the same time, Canada also claimed to have been targeted by Russian hackers, citing breaches at its centre for ethics in sports and the Montreal-based World Anti-Doping Agency.
Operatives from Russia’s GRU arm carried out various “reckless and indiscriminate” high-profile online attacks, British Foreign Secretary Jeremy Hunt said in a statement.
Many have been previously linked to Moscow, including the 2017 “BadRabbit” ransomware targeting of a Ukrainian international airport and Russian media outlets, and the attempted hacking of the World Anti-Doping Agency in Switzerland, also last year.
“This pattern of behaviour demonstrates (the GRU’s) desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Hunt said.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
Britain’s National Cyber Security Centre (NCSC) named the GRU operatives as the perpetrators, according to the Foreign Office.
The NCSC has “high confidence” that the GRU was “almost certainly” responsible for the 2017 attacks, as well as others including the infamous targeting of the US Democratic Party ahead of the 2016 presidential election, Whitehall sources said.
Russia’s embassy in London responded in a statement, saying: “As is traditional, it is not backed by any proof and is another element in an anti-Russian campaign being conducted by the British government.”
The British government holds the Kremlin ultimately responsible for the cyber campaign, they said.
The Foreign Office described the alleged cyber campaign as a “flagrant violation of international law” that had cost national economies millions of pounds.
“These cyberattacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport,” Hunt said.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.”
Australia joined Britain in its accusations, with the prime minister and foreign minister calling Russian online meddling “unacceptable”.
“The Russian military, and their intelligence arm ‘the GRU’, is responsible for this pattern of malicious cyber activity,” the Australian government said Thursday.
Canberra said it reached its conclusion on advice from Australian intelligence agencies and in consultation with partners and allies.
Prime Minister Scott Morrison and Foreign Minister Marise Payne said that while Australia was not significantly affected by the attacks, Moscow’s behaviour had “shown a total disregard for the agreements it helped to negotiate”.
“Cyberspace is not the Wild West. The international community – including Russia – has agreed that international law and norms of responsible state behaviour apply in cyberspace,” they said in a statement.
The hackers identified by the NCSC include an entity variously called “APT28”, “Pawn Storm”, “Sandworm”, “Fancy Bear” and the “Sofacy Group”, according to Britain’s Foreign Office.
The Justice Department in the United States has previously blamed the group for conducting numerous hacking operations there and around the world.
They include targeting everything from American political parties and the websites of conservative US think tanks to key infrastructure industries such as power grids.
Malcolm Chalmers, deputy director general at the Royal United Services Institute (RUSI), said the GRU’s activities “go well beyond traditional peacetime espionage”.
“By launching disruptive operations that threaten life in target societies, they blur the line between war and peace,” he said.
Russia rejected the accusations, saying they were unworthy and part of a disinformation campaign designed to damage Moscow’s interests, the TASS news agency reported.
Maria Zakharova, a spokeswoman for Russia’s Ministry of Foreign Affairs, was quoted as saying the claims were the product of someone with a “rich imagination” and maybe the UK was judging Russia by what Britain does itself.
Also on Thursday, Dutch intelligence claimed it thwarted a Russian cyberattack targeting the global chemical weapons watchdog in April and expelled four Russian agents.
The Russians are said to have set up a car full of electronic equipment in the car park of a hotel next to the Organisation for the Prohibition for Chemical Weapons in The Hague in a bid to hack its computer system, it said.
“The Dutch government finds the involvement of these intelligence operatives extremely worrisome,” Dutch Defence Minister Ank Bijleveld told a news conference. “Normally we don’t reveal this type of counter-intelligence operation.”
The Netherlands publicly identified the alleged Russian agents and said the operation was carried out by Russia’s GRU military intelligence agency, Dutch officials said.
Britain helped the Netherlands with the operation, they said.
A laptop belonging to one of the four was linked to Brazil, Switzerland and Malaysia. The activities in Malaysia were related to the investigation into the 2014 shooting down of flight MH17 over Ukraine, Bijleveld said.
The US Justice Department on Thursday said it indicted seven GRU agents as part of the joint crackdown with Britain and the Netherlands.
“Nations like Russia and others that engage in malicious and norm-shattering cyber and influence activities should understand the continuing and steadfast resolve of the United States and its allies to prevent, disrupt and deter such unaccountable conduct,” said John Demers, US assistant attorney general for national security.
Additional reporting by Bloomberg, Reuters