Britian Accuses Russian GRU Spy Agency Of International Cyber Attacks

The British government has directly accused Russian military intelligence of being behind a spate of “reckless and indiscriminate cyber-attacks” carried out on the orders of Vladimir Putin’s Kremlin, including the hacking in 2016 of the US Democratic National Committee headquarters.

The Russian military intelligence agency is accused of the attempted assassination of former spy Sergei Skripal has carried out a swathe of attacks in the UK and abroad on political institutions, financial systems, transport networks and the media, according to the British government.

This secret international cyberwar has included the targeting of the US presidential elections which brought Donald Trump to power, according to a new report from the National Cyber Security Centre (NCSC), as well the anti-doping watchdog in world sport.

The report follows the statement by Theresa May that Britain and allied countries will work together to expose the work of the GRU and the methods it uses.

One of the two Russians accused by Britain of the attempted assassination of Skripal and his daughter Yulia in Salisbury, with the poison novichok, has been named as a GRU colonel. The Kremlin has denied the link, and denied any involvement in the poisoning of the former Russian spy.

This new document has been put together by the NCSC, working with other UK and European intelligence agencies, and the NSA and FBI in the United States. Although there were allegations of Russian culpability over many episodes of the organised hacking, investigations have shown that the GRU are the main perpetrators. The trail shows, say security officials, that the organisation has become the Kremlin’s chosen clandestine weapon in pursuing its geopolitical goals. 

The GRU, according to the NCSC, is associated with a number of hacking groups whose names are used as “flags of convenience” including Fancy Bear: Sofacy; Pawnstorm: Sednit: Cyber Caliphate: Cyber Berkut: Voodoo Bear: BlackEnergy Actors: Strontium: Tsar Team and Sandworm.

In April this year the NCSC, the FBI and the US Department of Homeland Security issued a joint alert about Russian cyber activity aimed at both the public sector, infrastructure and internet service providers. Ciaran Martin, the head of the NCSC said at the time:

“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority......

“This is the first time that in attributing a cyberattack to Russia, the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

One of the biggest cyberattacks affecting this country took place in October last year when personal details of almost 700,000 UK nationals were accessed following the hacking of the US credit monitoring firm Equifax.

At the same time attacks took place in Ukraine, a state with which Moscow is locked in confrontation, with the metro system in Kiev and Odessa airport hit, along with the synchronised use of malware in Bulgaria, Turkey, Japan and Russia itself.
In the summer of 2015, a British television company was targeted and information from multiple email accounts stolen.
Four months earlier the French television station TV5Monde was taken off air when malicious software destroyed the network system.

A group calling itself the Cyber Caliphate claimed responsibility at the time but the attack was traced back to the Russian hacking group APT 28, which has become better known as Fancy Bear, one of the GRU affiliates. Two months after that, a cyberattack targeted the financial and energy sector in Ukraine, but soon spread further, affecting other European and also Russian businesses. The source of the malware was traced back, say British security officials, to the GRU.

In September 2016, Wada (the World Anti-Doping Agency) was hacked, and data pertaining to athletes, including medical details, stolen. The breach was carried out by Fancy Bear. The information, which was disseminated on Fancy Bear’s website, involved 41 athletes from 13 countries, including six from the UK and 14 sports altogether. The hacking took place after the Russian branch of the organisation was suspended following revelations about a state-sponsored drugs programme. Russia is now about to be readmitted to the organisation, a move that has led to the resignation of a member of Wada’s committee and threats to do so from others.

The allegations of Russian interference in the 2016 US presidential election has hung over the Trump White House, with investigations being carried out by the special counsel, Robert Mueller, with the hacking of the Democratic National Committee (DNC) being one of key issues.

A vast amount of material, including Hilary Clinton’s emails, were made public, some of it through Julian Assange’s Wikileaks site. Twelve Russian nationals, allegedly members of the GRU, have been indicted over the cyberattack by Mr Mueller.
Two GRU teams, Units 26165 and 74455, both located in Moscow, allegedly carried out the campaign, beginning in early 2016, according to the indictment.

One of the intelligence officers, Senior Lt Aleksey Lukashev, used various online fake personas, including “Den Katenberg” and “Yuliana Martynova”, to craft “spearphishing” emails to gather the information. Captain Nikolay Kozachek, allegedly crafted the X-Agent malware used to hack the Democratic Congressional Campaign Committee and DNC networks in April 2016. Unit 74455, also known as the Main Centre for Special Technology, engineered the release of the stolen documents, according to the indictment.

In a statement in response to the NCSC’s report, the foreign secretary, Jeremy Hunt (pictued) said: “The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. 

“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences. Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

Independent:          Guardian

You Might  Also Read:

Britain Plots Cyber Revenge On Russia For Novichok Poisonings:

UK Builds 2,000-Strong Offensive Cyber Force:


 

« Scammers Steal Half-a-Billion Pounds From UK Bank Customers
Facebook Could Face A GDPR Fine Of $1.63bn »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology (NIST)

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Resilia

Resilia

RESILIA is a comprehensive portfolio of tools and training to help your organization achieve global best practice in cyber security.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

Avalon Cyber

Avalon Cyber

Arm your organization in the fight against cyberattacks by partnering with the experts at Avalon Cyber.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.