Russian military intelligence officers allegedly travelled in person to the offices of targeted organizations in Switzerland, Brazil, Malaysia and the Netherlands to compromise Wi-Fi networks in a wide-ranging cyber-espionage campaign, it has emerged.
The allegations were made by the US Department of Justice (DoJ) as it indicted seven GRU officers yesterday for computer hacking, wire fraud, aggravated identity theft, and money laundering.
When the officers couldn’t obtain targeted users' log-ins or the hacked accounts didn’t give them the necessary privileged access, they allegedly travelled physically to hack them via Wi-Fi connections, including hotel Wi-Fi networks.
Anti-doping agency WADA, and the Organisation for the Prohibition of Chemical Weapons (OPCW) — which was investigating the Salisbury poisoning and use of chemical weapons in Syria — are said to have been among the targets.
Reports suggest four GRU officers set up hacking equipment in the boot of a car parked in the OPCW’s offices in The Hague.
They are said to have been disrupted by Dutch intelligence officers, who confirmed the equipment had also been used at the Swiss hotel used by the Canadian Centre for Ethics in Sport (CCES) and a hotel in Kuala Lumpar, where investigations were underway into the downing of Malaysia Airlines flight MH17 over Ukraine.
"State-sponsored hacking and disinformation campaigns pose serious threats to our security and to our open society, but the Department of Justice is defending against them," said attorney general Jeff Sessions in a statement.
"Today we are indicting seven GRU officers for multiple felonies each, including the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program.”
Other victim organizations named in the indictment included US nuclear power provider Westinghouse Electric Company, which was targeted with spear phishing attacks.
The US indictments, which are more for PR purposes than anything else as Russia won’t extradite the officers, follow the UK government’s attribution to the GRU of major cyber-attacks against the DNC and WADA, as well as Bad Rabbit.