Britain and Australia on Thursday accused Russian military intelligence of conducting a campaign of cyber attacks targeting political institutions, businesses, media and sport bodies around the world. Operatives from Russia’s GRU arm carried out various “reckless and indiscriminate” high-profile online attacks, British Foreign Secretary Jeremy Hunt said in a statement. Many have been previously linked to Moscow, including the 2017 “BadRabbit” ransomware targeting of a Ukrainian international airport and Russian media outlets, and the attempted hacking of the World Anti-Doping Agency in Switzerland, also last year. “This pattern of behaviour demonstrates (the GRU’s) desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Hunt said.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.” Britain’s National Cyber Security Centre (NCSC) named the GRU operatives as the perpetrators, according to the Foreign Office. The NCSC has “high confidence” that the GRU was “almost certainly” responsible for the 2017 attacks, as well as others including the infamous targeting of the US Democratic Party ahead of the 2016 presidential election, Whitehall sources said. The British government holds the Kremlin ultimately responsible for the cyber campaign, they added.
The Foreign Office described the alleged cyber campaign as a “flagrant violation of international law” that had cost national economies millions of pounds. “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport,” Hunt added. “The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.”Australia joined Britain in its accusations, with the prime minister and foreign minister calling Russian online meddling “unacceptable”.
“The Russian military, and their intelligence arm ‘the GRU’, is responsible for this pattern of malicious cyber activity,” the Australian government said Thursday. Canberra said it reached its conclusion on advice from Australian intelligence agencies and in consultation with partners and allies. Prime Minister Scott Morrison and Foreign Minister Marise Payne said that while Australia was not significantly impacted by the attacks, Moscow’s behaviour had “shown a total disregard for the agreements it helped to negotiate”. “Cyberspace is not the Wild West. The international community — including Russia — has agreed that international law and norms of responsible state behaviour apply in cyberspace,” they said in a statement.
The hackers identified by the NCSC include an entity variously called “APT28”, “Pawn Storm”, “Sandworm”, “Fancy Bear” and the “Sofacy Group”, according to the British Foreign Office. The Justice Department in the United States has previously blamed the group for conducting numerous hacking operations there and around the world. They include targeting everything from American political parties and the websites of conservative US think tanks to key infrastructure industries such as power grids. Malcolm Chalmers, deputy director general at the Royal United Services Institute (RUSI), said the GRU’s activities “go well beyond traditional peacetime espionage”. “By launching disruptive operations that threaten life in target societies, they blur the line between war and peace,” he added.