Britian Accuses Russian GRU Spy Agency Of International Cyber Attacks

Uploaded on 2018-10-04 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The British government has directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of Vladimir Putin’s Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.

The Russian military intelligence agency is accused of the attempted assassination of former spy Sergei Skripal has carried out a swathe of attacks in the UK and abroad on political institutions, financial systems, transport networks and the media, according to the British government.

This secret international cyberwar has included the targeting of the US presidential elections which brought Donald Trump to power, according to a new report from the National Cyber Security Centre (NCSC), as well the anti-doping watchdog in world sport.

The report follows the statement by Theresa May that Britain and allied countries will work together to expose the work of the GRU and the methods it uses.

One of the two Russians accused by Britain of the attempted assassination of Skripal and his daughter Yulia in Salisbury, with the poison novichok, has been named as a GRU colonel. The Kremlin has denied the link, and denied any involvement in the poisoning of the former Russian spy.

This new document has been put together by the NCSC, working with other UK and European intelligence agencies, and the NSA and FBI in the United States. Although there were allegations of Russian culpability over many episodes of the organised hacking, investigations have shown that the GRU are the main perpetrators. The trail shows, say security officials, that the organisation has become the Kremlin’s chosen clandestine weapon in pursuing its geopolitical goals. 

The GRU, according to the NCSC, is associated with a number of hacking groups whose names are used as “flags of convenience” including Fancy Bear: Sofacy; Pawnstorm: Sednit: Cyber Caliphate: Cyber Berkut: Voodoo Bear: BlackEnergy Actors: Strontium: Tsar Team and Sandworm.

In April this year the NCSC, the FBI and the US Department of Homeland Security issued a joint alert about Russian cyber activity aimed at both the public sector, infrastructure and internet service providers. Ciaran Martin, the head of the NCSC said at the time:

“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority......

“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

One of the biggest cyberattacks affecting this country took place in October last year when personal details of almost 700,000 UK nationals were accessed following the hacking of the US credit monitoring firm Equifax.

At the same time attacks took place in Ukraine, a state with which Moscow is locked in confrontation, with the metro system in Kiev and Odessa airport hit, along with the synchronised use of malware in Bulgaria, Turkey, Japan and Russia itself.
In the summer of 2015, a British television company was targeted and information from multiple email accounts stolen.
Four months earlier the French television station TV5Monde was taken off air when malicious software destroyed the network system.

A group calling itself the Cyber Caliphate claimed responsibility at the time but the attack was traced back to the Russian hacking group APT 28, which has become better known as Fancy Bear, one of the GRU affiliates. Two months after that, a cyberattack targeted the financial and energy sector in Ukraine, but soon spread further, affecting other European and also Russian businesses. The source of the malware was traced back, say British security officials, to the GRU.

In September 2016, Wada (the World Anti-Doping Agency) was hacked, and data pertaining to athletes, including medical details, stolen. The breach was carried out by Fancy Bear. The information, which was disseminated on Fancy Bear’s website, involved 41 athletes from 13 countries, including six from the UK and 14 sports altogether. The hacking took place after the Russian branch of the organisation was suspended following revelations about a state-sponsored drugs programme. Russia is now about to be readmitted to the organisation, a move that has led to the resignation of a member of Wada’s committee and threats to do so from others.

The allegations of Russian interference in the 2016 US presidential election has hung over the Trump White House, with investigations being carried out by the special counsel, Robert Mueller, with the hacking of the Democratic National Committee (DNC) being one of key issues.

A vast amount of material, including Hilary Clinton’s emails, were made public, some of it through Julian Assange’s Wikileaks site. Twelve Russian nationals, allegedly members of the GRU, have been indicted over the cyberattack by Mr Mueller.
Two GRU teams, Units 26165 and 74455, both located in Moscow, allegedly carried out the campaign, beginning in early 2016, according to the indictment.

One of the intelligence officers, Senior Lt Aleksey Lukashev, used various online fake personas, including “Den Katenberg” and “Yuliana Martynova”, to craft “spearphishing” emails to gather the information. Captain Nikolay Kozachek, allegedly crafted the X-Agent malware used to hack the Democratic Congressional Campaign Committee and DNC networks in April 2016. Unit 74455, also known as the Main Centre for Special Technology, engineered the release of the stolen documents, according to the indictment.

In a statement in response to the NCSC’s report, the foreign secretary, Jeremy Hunt (pictued) said: “The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. 

“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences. Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

Independent:          Guardian

You Might  Also Read:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

UK Builds 2,000-Strong Offensive Cyber Force:


 

« Scammers Steal Half-a-Billion Pounds From UK Bank Customers
Facebook Could Face A GDPR Fine Of $1.63bn »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

MAY Cyber Technology

MAY Cyber Technology

MAY Cyber Technology is a Security Management solutions provider located in Turkey & Germany.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Garland Technology

Garland Technology

Garland Technology specializes in network access points (TAPs) for 100% visibility allowing you to see every bit, byte, and packet flowing through your network.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

Dynamic Quest

Dynamic Quest

Dynamic Quest is a managed IT, cloud and security services companies, providing a comprehensive range of technology services including cybersecurity, backup and disaster recovery.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Cybergroot

Cybergroot

Cybergroot provides Cybersecurity Assessment services and professional Information Security trainings.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Graphiant

Graphiant

Graphiant’s Data Assurance service gives businesses end-to-end control and visibility into how data travels throughout the entire business network.