Britain has accused Russian military intelligence of directing a series of cyber attacks aimed at undermining Western democracies, targeting a wide range of activities from sport to transport and politics.
The UK has previously accused the Russian state of involvement in cyber attacks, but this is the first time it has gone so far in pointing the finger at the GRU — and concludes that “the Russian government — the Kremlin — was responsible”.
It is also the first time the accusations come directly from British intelligence. The National Cyber Security Centre (NCSC) — part of the government intelligence organisation GCHQ — says Russia’s military intelligence agency has carried out “indiscriminate and reckless cyber attacks”, in “flagrant violation of international law”, affecting national economies and people in many countries, including Russia.
The UK’s accusations
Published on the NCSC website, the accusations are accompanied by a statement from the British Foreign Secretary Jeremy Hunt, condemning the GRU.
“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” he wrote.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
The communique says that attacks previously attributed to global hackers now bear the hallmarks of Russian military intelligence.
A dozen hacking group code names are said to be cover for the GRU: among them are Fancy Bear, Voodoo Bear, and CyberCaliphate — this last one previously linked to the so-called Islamic State group.
The UK lists six specific attacks between 2015 and 2017, four of which it says for the first time were sourced in Russia:
- The BadRabbit attack on IT systems in October 2017 which affected several countries including Russia and Ukraine, where it disrupted the Kyiv metro and Odessa airport
- The hacking of confidential medical files of international athletes under the control of the World Anti-Doping Agency (WADA), which happened after Russian athletics was banned from the Rio Olympics
- The 2016 cyber attack on the US Democratic National Committee (DNC), which US security officials have already blamed on Moscow
- The hacking of email accounts at a small unidentified UK TV station in July-August 2015
In all these cases the NCSC assesses with “high confidence” that the GRU was “almost certainly” responsible.
What is the GRU?
The acronym stands for the agency’s former name, the Main Intelligence Directorate. Founded in 1918 by Lenin after the Bolshevik Revolution, it was independent from other secret services.
It has agents around the world and is responsible to Russia’s defence minister. It never comments publicly on its actions and its structure and financing are Russian state secrets.
The United States sanctioned GRU officers in 2016 and 2018 for attempted interference in the 2016 US election and cyber attacks.
What does Moscow say?
Moscow has always denied allegations of interference and cyber attacks as Western fabrication and propaganda.
This includes the nerve agent attack in Salisbury on Sergei Skripal and his daughter Yulia in March. In the aftermath, Prime Minister Theresa May pledged to reveal the full extent of GRU disruption.
The UK has charged two alleged Russian intelligence agents with attempted murder. Russian explanations that the men — who admitted they were in the English town at the time — were tourists, have been widely ridiculed.
On Wednesday, President Vladimir Putin launched a blistering attack on Sergei Skripal, a GRU officer who exposed dozens of agents to Britain’s MI6 foreign spy service.
“He’s just a spy, a traitor to the homeland, do you understand that concept? A traitor to the homeland,” he replied to a questioner. “He’s just a scumbag and that’s it, and an entire information campaign has been launched around this.”