NCSC: Russia’s GRU to Blame for DNC and Other Attacks

The UK has for the first time attributed a range of major cyber-attacks, including those against anti-doping authority WADA and the Democratic National Committee (DNC), to Russian military intelligence.

The National Cyber Security Centre (NCSC) took the very public step of naming-and-shaming the GRU for what the UK government sees as its increasing attempts to “undermine international stability.”

The attribution will not be a surprise to many in the cybersecurity industry, with vendors already releasing lengthy reports detailing the activities of APT28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, BlackEnergy, Strontium, and Sandworm, among others.

All of these ‘groups’ are now said in fact to be part of the GRU’s hacking apparatus.

The NCSC said it assessed with “high confidence” that the GRU was “almost certainly” responsible for the WADA attacks, which came after Russia was banned from world athletics for doping; the DNC raids, which resulted in the publication of sensitive emails ahead of the US Presidential election; the BadRabbit ransomware attacks, which hit Ukrainian and even Russian institutions; and unauthorized access to email accounts at a UK TV station.

The GRU has already been blamed by NCSC for the VPNFilter home router attacks earlier this year and the June 2017 NotPetya ‘ransomware’ blitz.

The government claimed the attacks had sought to undermine international law and institutions and had cost national economies millions of pounds in the process.

“These cyber-attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport,” said foreign secretary, Jeremy Hunt.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.”

The GRU is also said to be behind the attempted poisoning of a Russian double agent and his daughter living in Salisbury. Although they survived, an English woman died as a result of the attack.

Former senior British intelligence officer, Malcolm Taylor, now director of cyber advisory at ITC Secure, said such an overt attribution of attacks to the GRU is highly unusual.

“They must be very confident of their facts, either due to some sort of technical ‘fingerprint’ in the attack vectors themselves, or perhaps through corroboration from various other intelligence sources,” he added.

“But I think it’s also important to consider who benefits from attacks against these specific targets — WADA, Ukraine and the West in general. The answer to that question of course includes, and may indeed be limited to, Russia and Russian foreign policy interests. The mention of western businesses as targets should also be a reminder that foreign intelligence services do engage in commercial cyber-espionage and we all need to take appropriate steps to manage that risk.”
