Britian Accuses Russian GRU Spy Agency Of International Cyber Attacks

Uploaded on 2018-10-04 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The British government has directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of Vladimir Putin’s Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.

The Russian military intelligence agency is accused of the attempted assassination of former spy Sergei Skripal has carried out a swathe of attacks in the UK and abroad on political institutions, financial systems, transport networks and the media, according to the British government.

This secret international cyberwar has included the targeting of the US presidential elections which brought Donald Trump to power, according to a new report from the National Cyber Security Centre (NCSC), as well the anti-doping watchdog in world sport.

The report follows the statement by Theresa May that Britain and allied countries will work together to expose the work of the GRU and the methods it uses.

One of the two Russians accused by Britain of the attempted assassination of Skripal and his daughter Yulia in Salisbury, with the poison novichok, has been named as a GRU colonel. The Kremlin has denied the link, and denied any involvement in the poisoning of the former Russian spy.

This new document has been put together by the NCSC, working with other UK and European intelligence agencies, and the NSA and FBI in the United States. Although there were allegations of Russian culpability over many episodes of the organised hacking, investigations have shown that the GRU are the main perpetrators. The trail shows, say security officials, that the organisation has become the Kremlin’s chosen clandestine weapon in pursuing its geopolitical goals. 

The GRU, according to the NCSC, is associated with a number of hacking groups whose names are used as “flags of convenience” including Fancy Bear: Sofacy; Pawnstorm: Sednit: Cyber Caliphate: Cyber Berkut: Voodoo Bear: BlackEnergy Actors: Strontium: Tsar Team and Sandworm.

In April this year the NCSC, the FBI and the US Department of Homeland Security issued a joint alert about Russian cyber activity aimed at both the public sector, infrastructure and internet service providers. Ciaran Martin, the head of the NCSC said at the time:

“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority......

“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

One of the biggest cyberattacks affecting this country took place in October last year when personal details of almost 700,000 UK nationals were accessed following the hacking of the US credit monitoring firm Equifax.

At the same time attacks took place in Ukraine, a state with which Moscow is locked in confrontation, with the metro system in Kiev and Odessa airport hit, along with the synchronised use of malware in Bulgaria, Turkey, Japan and Russia itself.
In the summer of 2015, a British television company was targeted and information from multiple email accounts stolen.
Four months earlier the French television station TV5Monde was taken off air when malicious software destroyed the network system.

A group calling itself the Cyber Caliphate claimed responsibility at the time but the attack was traced back to the Russian hacking group APT 28, which has become better known as Fancy Bear, one of the GRU affiliates. Two months after that, a cyberattack targeted the financial and energy sector in Ukraine, but soon spread further, affecting other European and also Russian businesses. The source of the malware was traced back, say British security officials, to the GRU.

In September 2016, Wada (the World Anti-Doping Agency) was hacked, and data pertaining to athletes, including medical details, stolen. The breach was carried out by Fancy Bear. The information, which was disseminated on Fancy Bear’s website, involved 41 athletes from 13 countries, including six from the UK and 14 sports altogether. The hacking took place after the Russian branch of the organisation was suspended following revelations about a state-sponsored drugs programme. Russia is now about to be readmitted to the organisation, a move that has led to the resignation of a member of Wada’s committee and threats to do so from others.

The allegations of Russian interference in the 2016 US presidential election has hung over the Trump White House, with investigations being carried out by the special counsel, Robert Mueller, with the hacking of the Democratic National Committee (DNC) being one of key issues.

A vast amount of material, including Hilary Clinton’s emails, were made public, some of it through Julian Assange’s Wikileaks site. Twelve Russian nationals, allegedly members of the GRU, have been indicted over the cyberattack by Mr Mueller.
Two GRU teams, Units 26165 and 74455, both located in Moscow, allegedly carried out the campaign, beginning in early 2016, according to the indictment.

One of the intelligence officers, Senior Lt Aleksey Lukashev, used various online fake personas, including “Den Katenberg” and “Yuliana Martynova”, to craft “spearphishing” emails to gather the information. Captain Nikolay Kozachek, allegedly crafted the X-Agent malware used to hack the Democratic Congressional Campaign Committee and DNC networks in April 2016. Unit 74455, also known as the Main Centre for Special Technology, engineered the release of the stolen documents, according to the indictment.

In a statement in response to the NCSC’s report, the foreign secretary, Jeremy Hunt (pictued) said: “The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. 

“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences. Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

Independent:          Guardian

You Might  Also Read:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

UK Builds 2,000-Strong Offensive Cyber Force:


 

« Scammers Steal Half-a-Billion Pounds From UK Bank Customers
Facebook Could Face A GDPR Fine Of $1.63bn »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Rubrik

Rubrik

Rubrik helps enterprises achieve data control to drive business resiliency, cloud mobility, and regulatory compliance.

Sixteenth Air Force (Air Forces Cyber)

Sixteenth Air Force (Air Forces Cyber)

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

4Securitas

4Securitas

4Securitas is an innovative cyber security firm focused on protecting critical data at the core of every organisation.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

Teleskope

Teleskope

Teleskope are on a mission to empower businesses to protect sensitive data by default.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.