Britian Accuses Russian GRU Spy Agency Of International Cyber Attacks

Uploaded on 2018-10-04 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The British government has directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of Vladimir Putin’s Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.

The Russian military intelligence agency is accused of the attempted assassination of former spy Sergei Skripal has carried out a swathe of attacks in the UK and abroad on political institutions, financial systems, transport networks and the media, according to the British government.

This secret international cyberwar has included the targeting of the US presidential elections which brought Donald Trump to power, according to a new report from the National Cyber Security Centre (NCSC), as well the anti-doping watchdog in world sport.

The report follows the statement by Theresa May that Britain and allied countries will work together to expose the work of the GRU and the methods it uses.

One of the two Russians accused by Britain of the attempted assassination of Skripal and his daughter Yulia in Salisbury, with the poison novichok, has been named as a GRU colonel. The Kremlin has denied the link, and denied any involvement in the poisoning of the former Russian spy.

This new document has been put together by the NCSC, working with other UK and European intelligence agencies, and the NSA and FBI in the United States. Although there were allegations of Russian culpability over many episodes of the organised hacking, investigations have shown that the GRU are the main perpetrators. The trail shows, say security officials, that the organisation has become the Kremlin’s chosen clandestine weapon in pursuing its geopolitical goals. 

The GRU, according to the NCSC, is associated with a number of hacking groups whose names are used as “flags of convenience” including Fancy Bear: Sofacy; Pawnstorm: Sednit: Cyber Caliphate: Cyber Berkut: Voodoo Bear: BlackEnergy Actors: Strontium: Tsar Team and Sandworm.

In April this year the NCSC, the FBI and the US Department of Homeland Security issued a joint alert about Russian cyber activity aimed at both the public sector, infrastructure and internet service providers. Ciaran Martin, the head of the NCSC said at the time:

“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority......

“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

One of the biggest cyberattacks affecting this country took place in October last year when personal details of almost 700,000 UK nationals were accessed following the hacking of the US credit monitoring firm Equifax.

At the same time attacks took place in Ukraine, a state with which Moscow is locked in confrontation, with the metro system in Kiev and Odessa airport hit, along with the synchronised use of malware in Bulgaria, Turkey, Japan and Russia itself.
In the summer of 2015, a British television company was targeted and information from multiple email accounts stolen.
Four months earlier the French television station TV5Monde was taken off air when malicious software destroyed the network system.

A group calling itself the Cyber Caliphate claimed responsibility at the time but the attack was traced back to the Russian hacking group APT 28, which has become better known as Fancy Bear, one of the GRU affiliates. Two months after that, a cyberattack targeted the financial and energy sector in Ukraine, but soon spread further, affecting other European and also Russian businesses. The source of the malware was traced back, say British security officials, to the GRU.

In September 2016, Wada (the World Anti-Doping Agency) was hacked, and data pertaining to athletes, including medical details, stolen. The breach was carried out by Fancy Bear. The information, which was disseminated on Fancy Bear’s website, involved 41 athletes from 13 countries, including six from the UK and 14 sports altogether. The hacking took place after the Russian branch of the organisation was suspended following revelations about a state-sponsored drugs programme. Russia is now about to be readmitted to the organisation, a move that has led to the resignation of a member of Wada’s committee and threats to do so from others.

The allegations of Russian interference in the 2016 US presidential election has hung over the Trump White House, with investigations being carried out by the special counsel, Robert Mueller, with the hacking of the Democratic National Committee (DNC) being one of key issues.

A vast amount of material, including Hilary Clinton’s emails, were made public, some of it through Julian Assange’s Wikileaks site. Twelve Russian nationals, allegedly members of the GRU, have been indicted over the cyberattack by Mr Mueller.
Two GRU teams, Units 26165 and 74455, both located in Moscow, allegedly carried out the campaign, beginning in early 2016, according to the indictment.

One of the intelligence officers, Senior Lt Aleksey Lukashev, used various online fake personas, including “Den Katenberg” and “Yuliana Martynova”, to craft “spearphishing” emails to gather the information. Captain Nikolay Kozachek, allegedly crafted the X-Agent malware used to hack the Democratic Congressional Campaign Committee and DNC networks in April 2016. Unit 74455, also known as the Main Centre for Special Technology, engineered the release of the stolen documents, according to the indictment.

In a statement in response to the NCSC’s report, the foreign secretary, Jeremy Hunt (pictued) said: “The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. 

“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences. Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

Independent:          Guardian

You Might  Also Read:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

UK Builds 2,000-Strong Offensive Cyber Force:


 

« Scammers Steal Half-a-Billion Pounds From UK Bank Customers
Facebook Could Face A GDPR Fine Of $1.63bn »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Mendoza Ventures

Mendoza Ventures

Mendoza Ventures is a venture capital fund focusing on pre-seed Artificial Intelligence (AI), Fintech, and Cybersecurity startups.

Area 1 Security

Area 1 Security

Area 1 is the only Pay-per-Phish solution in cyber security. And the only technology that blocks phishing attacks before they damage your business.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Ward Solutions

Ward Solutions

Ward Solutions are an information security consultancy and managed services company. We help organisations protect their brand, people, assets, intellectual property and profits.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.