Britain says Russian military intelligence behind host of global cyber attacks

Reuters
Russian President Vladimir Putin and Defense Minister Sergei Ivanov are shown walking past a marble floor depicting a bat at the new GRU military intelligence headquarters building in Russia.

In a British assessment based on work by its National Cyber Security Centre (NCSC), the Russian military intelligence (GRU) was cast as a pernicious cyber aggressor which used a network of hackers to spread discord aimed at undermining Western democracies to the global chemical weapons watchdog.

GRU, Britain said, was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks of 2017, the hack of the  Democratic National Committee (DNC) in 2016 and the theft of emails from a UK-based TV station in 2015.

The Netherlands said it had caught four GRU officers red handed as they tried to hack into the Organization for the Prohibition of Chemical Weapons from a hotel next door in April.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries,” said British Foreign Secretary Jeremy Hunt.

“Our message is clear — together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability,” Hunt said. Britain believes the Russian government is responsible for the attacks.

Maria Zakharova, a spokeswoman for the Russian Ministry of Foreign Affairs, told a news briefing that the British accusations were the product of someone with a “rich imagination.”

“It’s some kind of a diabolical perfume cocktail (of allegations),” the Tass Russian news agency quoted Zakharova as telling reporters.

Though less well known than the Soviet Union’s once mighty KGB, Russia’s military intelligence service played a major role in some of the biggest events of the past century, from the Cuban missile crisis to the annexation of Crimea.

Russian cyber power?

Though commonly known by the acronym GRU, which stands for the Main Intelligence Directorate, its name was formally changed in 2010 to the Main Directorate of the General Staff (or just GU). Its old acronym — GRU — is still more widely used.

It has agents across the globe and answers directly to the chief of the general staff and the Russian defense minister. The GRU does not comment publicly on its actions. Its structure, staff numbers and financing are Russian state secrets.

The GRU traces its history back to the times of Ivan the Terrible, though it was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Vladimir Lenin insisted on its independence from other secret services.

British Prime Minister Theresa May has said GRU officers used a nerve agent to try to kill former double agent Sergei Skripal, who was found unconscious in the English city of Salisbury in March. Russia has repeatedly denied the charges.

After the Skripal poisoning, the West agreed with Britain’s assessment that Russian military intelligence was to blame and launched the biggest expulsion of Russian spies working under diplomatic cover since the height of the Cold War.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught with spying equipment at a hotel located next to the OPCW headquarters.

At the time, the OPCW was working to verify the identity of the substance used in the Salisbury attack. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

Russian President Vladimir Putin, himself a former KGB spy, said on Wednesday that Skripal, a GRU officer who betrayed dozens of agents to Britain’s MI6 foreign spy service, was a “scumbag” who had betrayed Russia.

Britain said the GRU was associated with a host of hackers including APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear and BlackEnergy Actors.

“This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Foreign Secretary Hunt said.

The United States sanctioned GRU officers including its chief, Igor Korobov, in 2016 and 2018 for attempted interference in the 2016 US election and cyber attacks.

Australia and New Zealand backed the United Kingdom’s findings on the GRU.

“Cyberspace is not the Wild West. The International Community — including Russia — has agreed that international law and norms of responsible state behavior apply in cyberspace,” Australia’s Prime Minister Scott Morrison said.

“By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate,” Morrison said.

By Guy Faulconbridge and Anthony Deutsch/Reuters

Additional reporting by Stephanie van den Berg and Colin Packham; Editing by Stephen Addison.

Less than .05% of listeners will donate. Can we count on you?

Our coverage reaches millions each week, but only a small fraction of listeners contribute to sustain our program. We still need 224 more people to donate $100 or $10/monthly to unlock our $67,000 match. Will you help us get there today?