Russian military intelligence (GRU) used a network of hackers across the world to attack a wide range of targets, including the Organization for the Prohibition of Chemical Weapons (OPCW) in the Netherlands and the UK’s Foreign and Commonwealth Office, the UK’s National Cyber Security Centre (NCSC) said.
Other targets included the hack of the U.S. Democratic National Committee in 2016 and the World Anti-Doping Agency in 2017, according to a conclusion made by the NCSC with “high confidence.”
The GRU was almost certainly behind those attacks, Britain said, as well as attacks on Ukraine’s Kyiv metro and Odessa airport, Russia’s central bank, two Russian media outlets, and an unidentified small UK-based television station.
Most attacks were based around obtaining passwords via phishing—tricking people into giving up details by using fake emails, websites, or text messages—or using ransomware to encrypt the contents of a computer, then demanding payment.
The attack on the OPCW took place in May 2018 at the time the organization was working to independently verify the UK’s analysis of the chemical used in the poisoning of the Skripals in Salisbury.
British Prime Minister Theresa May said in a statement that the OPCW hack “demonstrates the GRU’s disregard for the global values and rules that keep us all safe.”
May added, “We will uphold the rules-based international system, and defend international institutions from those that seek to do them harm.”
The NCSC said that the attacks were aimed at destabilizing democracies and were in “flagrant violation of international law.”
UK Says Kremlin Responsible
British authorities believe that two GRU agents were behind the nerve-agent attack in Salisbury, in which they tried to kill former double-agent Sergei Skripal. Russia has repeatedly denied the charges.
The NCSC says that hackers from the GRU have operated using various names, including APT28, BlackEnergy Actors, Fancy Bear, and Tsar Team.
The hackers were behind the October 2017 BadRabbit ransomware attack, the NCSC says, which encrypted hard drives and caused disruption to public transportation in Ukraine.
The UK government believes that the Kremlin was ultimately responsible for the GRU hacks.
“The GRU’s actions are reckless and indiscriminate: They try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” Britain’s Foreign Secretary Jeremy Hunt said in a statement.
Following the Skripal poisoning, many Western countries concluded that Russian military intelligence was behind the attacks and set about expelling Russian spies working under diplomatic cover.
A spokesperson from the UK Russian Embassy called the NCSC’s assertions “reckless.”
“Such statements by the Foreign Office are nothing but crude disinformation, aimed at confusing the British and world public opinion,” they said in a statement.
Australia and New Zealand supported Britain’s assessment of the GRU and pledged to improve cooperation on responses to cyber attacks.
“Cyberspace is not the Wild West. The international community—including Russia—has agreed that international law and norms of responsible state behavior apply in cyberspace,” Australian Prime Minister Scott Morrison said in a statement. “By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate.”
The United States has sanctioned GRU officers for attempting to interfere in the 2016 U.S. election and other cyber attacks.
Earlier this year, the Trump administration blamed Russia for a series of cyber attacks that targeted many critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation, and manufacturing.