The claim is a precursor to the announcement of further UK intelligence revelations of Russian state involvement in the poisoning in Salisbury of Sergei Skripal, the Russian double agent.
In an unprecedented statement, the foreign secretary, Jeremy Hunt, said the National Cyber Security Centre (NCSC) had found that a number of hackers widely known to have been conducting attacks around the world were covers for the the Russian GRU intelligence service. He added that their attacks had been undertaken with the consent and knowledge of the Kremlin.
The British government claimed the attacks had been conducted “in flagrant violation of international law, had affected citizens in a large number of countries, including Russia, and had cost national economies millions of pounds”.
The Foreign Office attributed six specific attacks to GRU-backed hackers and identified 12 hacking group code names as fronts for the GRU – Fancy Bear, Voodoo Bear, APT28, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berku, BlackEnergy Actors, STRONTIUM, Tsar Team and Sandworm.
The assertions by the British government fulfil a pledge made by Theresa May to reveal the full extent of GRU disruption in the wake of the poisoning of Skripal earlier this year. Skripal had himself been a member of the GRU since 1979 before defecting to the British.
The UK government has been unusually aggressive in identifying the two men suspected of travelling to Salisbury to poison Skripal and his daughter, Yulia, as Russian intelligence agents. Official Russian explanations for the two man visit to Salisbury have been widely ridiculed, prompting tensions inside the Russian government over the inept handling of the episode.
In its statement, Britain for the first time identified four cyber-attacks as Russian-sourced. They include an October 2017 attack through BadRabbit ransomware that rendered IT inoperable, causing disruption to the Kiev metro, Odessa airport, Russia’s central bank and two Russian media outlets.
Further attacks attributed to Russia for the first time are the 2017 hacking of confidential medical files of international athletes under the control of the World Anti-Doping Agency, attacks on a small, still functioning British-based TV station and finally the 2016 hacking of the Democratic National Committee (DNC), which was used to take thousands of internal party emails published by outlets including WikiLeaks during that year’s US presidential election campaign.
The cyber-attack on the DNC headquarters, critical to the outcome of the 2016 elections, has often been attributed to the Russians, but it is the first time the UK intelligence services have made the claim.
Two other attacks previously attributed to Russia were also highlighted in the UK statement.
In an accompanying statement, Hunt said: “These cyber-attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport. The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.”
CEO SonicWall. Bill Conner who has advised both the UK and US governments on matters of cybersecurity said that the British and Americans tended to operate independently on issues like elections, tariffs or natural disasters.
"However, the cyber landscape, with its non-existent borders and limitless boundaries, is forcing us to work together in new ways. Today’s announcement by the UK government highlights a growing need for public and private sectors around the world to work together to detect, defend and dissipate the rising volume and ferocity of cyberattacks. Countries and organizations alike must prioritise the protection of their critical infrastructure, elections, energy supply chains, intellectual property and financial systems from those seeking to exploit them in this cyber arms race", Conner said.
