UK blames Russian military for ‘reckless’ cyber attacks
Britain, Australia and New Zealand have accused Russian military intelligence of carrying out a worldwide campaign of “malicious” cyber attacks, including the hacking of the US Democratic National Committee in 2016.
British Foreign Secretary Jeremy Hunt said in a statement Thursday that the country’s National Cyber Security Centre (NCSC) had found that Russian GRU intelligence service operatives were behind cyber attacks believed to have cost the global economy millions of dollars.
Australia and New Zealand released similar statements alleging that their own intelligence agencies had found evidence of Russian involvement in the same attacks on political, business, media and sporting institutions.
Britain, Australia and New Zealand are all members of the Five Eyes intelligence sharing alliance, which also includes the US and Canada.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” Hunt said in a statement.
“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.”
In statements Thursday, UK, Australia and NZ authorities attributed high-profile cyber attacks to GRU-backed hackers: Attacks on the servers of the Democratic National Committee in 2016 in the lead-up to the US presidential election; a 2017 ransomware attack that targeted Russian news agencies, operations at a metro in the Ukrainian capital of Kiev and an airport in the city of Odessa; the release of confidential files of international athletes stolen from the World Anti-Doping Agency (WADA) in 2016.
The Kremlin has not responded to the British and Australian allegations, but Russian leaders have consistently denied many of the hacks attributed to Moscow, including allegations that it meddled in the 2016 US presidential elections.
Diplomatic relations between Russia and Britain have deteriorated since the poisoning of Russian double agent Sergei Skripal and his daughter in the British city of Salisbury earlier this year. UK authorities have accused the GRU of using a military grade nerve agent to attack Skripal, himself a former Russian agent.
Russian authorities have vehemently denied the Kremlin was involved in the attack.
When asked about the Salisbury case Wednesday at an energy forum in Moscow, Russian President Vladimir Putin called Skripal a “traitor” and a “scumbag” and suggested the incident was being “artificially blown up” by the media.
British investigators have linked the attack on the Skripals to the June 30 poisoning of Dawn Sturgess and Charlie Rowley, a couple living in Amesbury, near Salisbury. Sturgess died on July 8 after applying a substance to her wrists from a perfume bottle found by Rowley. Russia also denied any involvement in the incident.
In relation to its latest claims against Russia, the British government identified the following names and aliases as associated with the GRU cyber attacks: APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, STRONTIUM, Tsar Team and Sandworm.
It is unusual for the NCSC publicly to name those it believes are responsible for state-sponsored cyber attacks. The decision suggests Britain and its allies are taking a new approach in order to point the finger at the GRU specifically.
The attacks attributed to the GRU targeted four sectors that impact people’s day-to-day lives: democracy, transport, media and sport.
“While Australia was not significantly impacted, this activity affected the ability of the public in other parts of the world to go about their daily lives,” Australian Prime Minister Scott Morrison and Foreign Affairs Minister Marise Payne said in a joint statement Thursday.
“Cyberspace is not the Wild West. The International Community — including Russia — has agreed that international law and norms of responsible state behavior apply in cyberspace.”
The head of New Zealand’s Communications Security Bureau said the alleged cyber activities served “no legitimate national security interest.”
“They were designed to negatively impact on the ability of people around the world to go about their daily lives free from interference,” said Director-General Andrew Hampton.
The four alleged attacks
The Bad Rabbit ransomware attack in 2017 spread through Russia and Ukraine around the world. Ransomware attacks involve threatening a user’s files or computer access in exchange for a ransom.
In the case of Bad Rabbit, the hackers disguised the ransomware as an update to Adobe software before locking down computers and demanding money for people to get their files back.
Most victims were located in Russia, but several cybersecurity firms identified attacks linked to Bad Rabbit in Turkey, Germany, Bulgaria, Japan, South Korea and the United States.
The WADA attack involved the release of Therapeutic Use Exemptions (TUE) for sports stars including American four-time Olympic gold medalist Simone Biles as well as tennis sisters Venus and Serena Williams.
At the time, WADA President Craig Reedie said that the hacking was clearly a retaliatory attack after 118 of Russia’s athletes were banned from competing at the Rio 2016 Olympic Games following revelations of “state-sponsored” doping.
All three countries said they had determined Russia hacked the Democratic National Convention ahead of the 2016 presidential election. That hack led to the release of a batch of private emails and notes, including many that belonged to Hillary Clinton’s campaign manager, John Podesta.
In the months following the cyber attack, the US intelligence community concluded that Russia did in fact attempt to interfere in the 2016 presidential elections, and top national security officials said in August that Russia is continuing to pursue similar efforts.
TV station attack
The statements accused Russia of stealing content and illicitly accessing email accounts from a small UK-based TV station in July and August 2015. The station was not named.