Britian Accuses Russian GRU Spy Agency Of International Cyber Attacks

Uploaded on 2018-10-04 in NEWS-News Analysis, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The British government has directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of Vladimir Putin’s Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.

The Russian military intelligence agency is accused of the attempted assassination of former spy Sergei Skripal has carried out a swathe of attacks in the UK and abroad on political institutions, financial systems, transport networks and the media, according to the British government.

This secret international cyberwar has included the targeting of the US presidential elections which brought Donald Trump to power, according to a new report from the National Cyber Security Centre (NCSC), as well the anti-doping watchdog in world sport.

The report follows the statement by Theresa May that Britain and allied countries will work together to expose the work of the GRU and the methods it uses.

One of the two Russians accused by Britain of the attempted assassination of Skripal and his daughter Yulia in Salisbury, with the poison novichok, has been named as a GRU colonel. The Kremlin has denied the link, and denied any involvement in the poisoning of the former Russian spy.

This new document has been put together by the NCSC, working with other UK and European intelligence agencies, and the NSA and FBI in the United States. Although there were allegations of Russian culpability over many episodes of the organised hacking, investigations have shown that the GRU are the main perpetrators. The trail shows, say security officials, that the organisation has become the Kremlin’s chosen clandestine weapon in pursuing its geopolitical goals. 

The GRU, according to the NCSC, is associated with a number of hacking groups whose names are used as “flags of convenience” including Fancy Bear: Sofacy; Pawnstorm: Sednit: Cyber Caliphate: Cyber Berkut: Voodoo Bear: BlackEnergy Actors: Strontium: Tsar Team and Sandworm.

In April this year the NCSC, the FBI and the US Department of Homeland Security issued a joint alert about Russian cyber activity aimed at both the public sector, infrastructure and internet service providers. Ciaran Martin, the head of the NCSC said at the time:

“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority......

“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

One of the biggest cyberattacks affecting this country took place in October last year when personal details of almost 700,000 UK nationals were accessed following the hacking of the US credit monitoring firm Equifax.

At the same time attacks took place in Ukraine, a state with which Moscow is locked in confrontation, with the metro system in Kiev and Odessa airport hit, along with the synchronised use of malware in Bulgaria, Turkey, Japan and Russia itself.
In the summer of 2015, a British television company was targeted and information from multiple email accounts stolen.
Four months earlier the French television station TV5Monde was taken off air when malicious software destroyed the network system.

A group calling itself the Cyber Caliphate claimed responsibility at the time but the attack was traced back to the Russian hacking group APT 28, which has become better known as Fancy Bear, one of the GRU affiliates. Two months after that, a cyberattack targeted the financial and energy sector in Ukraine, but soon spread further, affecting other European and also Russian businesses. The source of the malware was traced back, say British security officials, to the GRU.

In September 2016, Wada (the World Anti-Doping Agency) was hacked, and data pertaining to athletes, including medical details, stolen. The breach was carried out by Fancy Bear. The information, which was disseminated on Fancy Bear’s website, involved 41 athletes from 13 countries, including six from the UK and 14 sports altogether. The hacking took place after the Russian branch of the organisation was suspended following revelations about a state-sponsored drugs programme. Russia is now about to be readmitted to the organisation, a move that has led to the resignation of a member of Wada’s committee and threats to do so from others.

The allegations of Russian interference in the 2016 US presidential election has hung over the Trump White House, with investigations being carried out by the special counsel, Robert Mueller, with the hacking of the Democratic National Committee (DNC) being one of key issues.

A vast amount of material, including Hilary Clinton’s emails, were made public, some of it through Julian Assange’s Wikileaks site. Twelve Russian nationals, allegedly members of the GRU, have been indicted over the cyberattack by Mr Mueller.
Two GRU teams, Units 26165 and 74455, both located in Moscow, allegedly carried out the campaign, beginning in early 2016, according to the indictment.

One of the intelligence officers, Senior Lt Aleksey Lukashev, used various online fake personas, including “Den Katenberg” and “Yuliana Martynova”, to craft “spearphishing” emails to gather the information. Captain Nikolay Kozachek, allegedly crafted the X-Agent malware used to hack the Democratic Congressional Campaign Committee and DNC networks in April 2016. Unit 74455, also known as the Main Centre for Special Technology, engineered the release of the stolen documents, according to the indictment.

In a statement in response to the NCSC’s report, the foreign secretary, Jeremy Hunt (pictued) said: “The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. 

“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences. Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

Independent:          Guardian

You Might  Also Read:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

UK Builds 2,000-Strong Offensive Cyber Force:


 

« Scammers Steal Half-a-Billion Pounds From UK Bank Customers
Facebook Could Face A GDPR Fine Of $1.63bn »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Swiss Cyber Storm

Swiss Cyber Storm

Swiss Cyber Storm is a non profit organization hosting the international Swiss Cyber Storm Conference and running the Swiss part of the European Cyber Security Challenges.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

Krista Software

Krista Software

Krista is an intelligent automation platform that combines iPaaS and Conversational AI to automate complete business processes across your teams and apps.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Sterling Information Technologies

Sterling Information Technologies

Sterling is an information security, operational risk consulting and advisory group. Our Advisory services help to safeguard information assets while supporting business operations.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.