Western accusations against Russia’s GRU spy agency exposed an alleged plot to carry out cyber attacks on a global scale.
The coordinated accusations by western governments against Russia painted a startling picture of a global hacking campaign conducted by Moscow.
Several countries gave detailed information of how Russia’s GRU military intelligence agency has allegedly been trying to disrupt international organisations.
Commentators say the revelations suggest that Russian spies have been surprisingly amateur in their operations – or that Moscow is becoming increasingly brazen in stepping up a hybrid cyber war on the West.
Russia denied what its Foreign Ministry spokeswoman called a “diabolical perfume cocktail” of allegations dreamt up by someone with a “rich imagination”.
Here is a summary of the GRU’s activities, according to western intelligence agencies.
Some of the most detailed accusations came from the Dutch authorities. The UK joined with the Netherlands in accusing Russia of sending agents with wifi antennas to The Hague to try to hack into the Organisation for the Prohibition of Chemical Weapons (OPCW).
The international watchdog had been investigating the nerve agent attack on a Russian ex-spy in Salisbury, England. Last month British police named and published images of two alleged GRU suspects.
The Dutch security services said four Russians had been deported, and published photos, passport records and CCTV images. They released a taxi receipt used by one agent, Aleksei Morenets, to travel from the Moscow street where the GRU is based to the airport on the date the group travelled to the Netherlands.
The Dutch said the laptop of another agent, Evgenii Serebriakov, showed he had been active in Malaysia targeting a probe into the crash of Malaysia Airlines Flight MH17 which killed 298 people. International investigators have said the plane was shot down over Ukraine by a Russian-made Buk missile, supplied by a Russian-based unit.
Online searches revealed that one of the agents had registered five vehicles at a GRU address in Moscow where one of the Salisbury suspects had been trained.
The US Department of Justice charged seven Russian GRU agents on Thursday with computer hacking, wire fraud, identity theft and money laundering. Four of them, also named by the Netherlands, are said to have travelled the world using wifi connections and phishing operations to hack their targets.
The indictment claims conspirators targeted anti-doping bodies after Russia’s state-sponsored subversion of drug testing processes had been exposed.
Russian intelligence is accused of targeting the US and world anti-doping agencies. Athletes’ data including medical records were stolen and posted online, with the false claim that a hacktivist group was behind it.
Other alleged targets include the Court of Arbitration for Sport, football’s governing body FIFA, and the US Westinghouse Electric Company, which specialises in nuclear technology.
Agents are said to have travelled to Rio de Janeiro in Brazil, Lausanne in Switzerland, the US state of Pennsylvania, and The Hague to target the OPCW.
The British government accused Russia’s GRU military intelligence agency of “indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport”.
The National Cyber Security Centre (NCSC) listed six specific hacking attacks between 2015 and 2017, four of which it said for the first time had been sourced in Russia:
The BadRabbit attack on IT systems in October 2017 which affected several countries including Russia and Ukraine, where it disrupted the Kyiv metro and Odessa airport
The World Anti-Doping Agency (WADA) was hacked and medical files of international athletes stolen – this happened after Russian athletics had been banned from the Rio Olympics over state-sponsored doping
The 2016 cyber attack on the US Democratic National Committee (DNC), which US security officials have already blamed on Moscow
The hacking of email accounts at a small unidentified UK TV station in July-August 2015
A dozen hacking group code names were listed and said by the British to be “almost certainly” cover for the GRU: among them APT 28, Fancy Bear, Voodoo Bear, and CyberCaliphate – this last one previously linked to the so-called Islamic State group.
Canada added its voice to the coordinated effort to expose alleged Russian cyber attacks, and confirmed that a parallel investigation by the Royal Canadian Mounted Police (RCMP) was ongoing.
Australia backed the initial British accusations against Russian military intelligence. “The online environment is not the Wild West and the international rules apply,” said Prime Minister Scott Morrison.