UK and partners attribute series of cyber-attacks to Russia

The National Cyber Security Centre (NCSC) of the United Kingdom has attributed a “campaign of indiscriminate and reckless cyber attacks” to the GRU, the Russian military intelligence service. UK Foreign Secretary Jeremy Hunt stated that the GRU’s actions demonstrate “their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences”. The NCSC associated 12 threat groups with the GRU, among them APT 28, Fancy Bear, Sofacy, Voodoo Bear and CyberCaliphate (previously thought to be affiliated with ISIS). NCSC assessed with “high confidence” that the GRU was “almost certainly responsible” also for the BadRabbit ransomware of 2017, the release of confidential files of international athletes stolen from the World Anti-Doping Agency (WADA) in 2016, and attacks on the servers of the US Democratic National Committee in 2016. The NSCS also claimed the GRU attempted to compromise the UK Foreign and Commonwealth Office (FCO) computer systems via a spearphishing attack and gain access to the UK Defence and Science Technology Laboratory (DSTL) computer systems. At the same time, the UK Prime Minister May and the Netherlands Prime Minister Rutte issued a joint statement attributing the cyber attacks on the Organisation on the Prevention of Chemical Weapons (OPCW) to the GRU. Australia and New Zealand supported NCSC’s findings. Russia’s ambassador in London has denied the claims since. As some specialists point out, the attributions come at a time of heated debates at the UN General Assembly around Russian proposals for the future of the UN Group of Governmental Experts and possible international treaties on cybersecurity and cybercrime.