Russia's GRU is behind cyberattacks worldwide, U.K. says

"This pattern of behavior demonstrates their desire to operate without regard to international law or established norms."
by Reuters /  / Updated 

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

LONDON — Britain accused Russian military intelligence Thursday of directing a host of cyberattacks aimed at undermining Western democracies by sowing confusion in everything from sports to transport and the 2016 U.S. presidential election.

The British assessment cast Russia's military intelligence service, the GRU, as a pernicious cyber aggressor which has used a network of hackers to spread discord across the world.

Later Thursday, Dutch officials revealed details of an alleged GRU plot disrupted in April, in which four people it identified as Russian intelligence agents were accused of trying to hack the Organization for the Prohibition of Chemical Weapons.

The U.K. National Cyber Security Centre (NCSC) said the GRU was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks of 2017, the hack of the Democratic National Committee (DNC) in 2016 and the theft of emails from a U.K.-based TV station in 2015.

"The GRU's actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries," British Foreign Secretary Jeremy Hunt said. "Our message is clear: Together with our allies we will expose and respond to the GRU's attempts to undermine international stability."

Britain believes the Russian government is responsible for the attacks.

In the Netherlands, the Dutch military intelligence agency said in a briefing that four Russians arrived there on April 10 and, with the help of British intelligence officers, were caught with spying equipment at a hotel located next to the OPCW headquarters.

At the time, the OPCW was working to verify the identity of the substance used in the March attack in Salisbury, Britain, on former Russian spy Sergei Skripal and his daughter Julia. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

The four Russians in the Netherlands were detained on April 13 and expelled to Russia, Dutch Major General Onno Eichelsheim said. They had planned to travel on to a laboratory in Spiez, Switzerland, used by the OPCW to analyze chemical weapons samples, he said.

Image: The GRU's headquarters in Moscow
The GRU's headquarters in Moscow.Natalia Kolesnikova / AFP - Getty Images file

Though less well known than the Soviet Union's once-mighty KGB, Russia's military intelligence service played a major role in some of the biggest events of the past century, from the Cuban missile crisis to the annexation of Crimea.

Though commonly known by the acronym GRU, which stands for the Main Intelligence Directorate, its name was formally changed in 2010 to the Main Directorate of the General Staff (or just GU). Its old acronym — GRU — is still more widely used.

It has agents across the globe and answers directly to the chief of the general staff and the Russian defense minister. The GRU does not comment publicly on its actions. Its structure, staff numbers and financing are Russian state secrets.

The GRU traces its history back to the times of Ivan the Terrible, though it was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Vladimir Lenin insisted on its independence from other secret services.

British Prime Minister Theresa May has said GRU officers used a nerve agent to try to kill former double agent Sergei Skripal, who was found unconscious in the English city of Salisbury in March. Russia has repeatedly denied the charges.

Image: Surveillance footage showing Novichok attack suspect Ruslan Boshirov
One of the suspects in the Novichok poisoning, who used the name Ruslan Boshirov, is shown on surveillance footage captured at Britain's Gatwick Airport on March 2.Metropolitan Police / Getty Images

After the Skripal poisoning, the West agreed with Britain's assessment that Russian military intelligence was to blame and launched the biggest expulsion of Russian spies working under diplomatic cover since the height of the Cold War.

Russian President Vladimir Putin, himself a former KGB spy, said on Wednesday that Skripal, a GRU officer who betrayed dozens of agents to Britain's MI6 foreign spy service, was a "scumbag" who had betrayed Russia.

Britain said the GRU was associated with a host of hackers including APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear and BlackEnergy Actors.

"This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences," Hunt said.

The United States sanctioned GRU officers including its chief, Igor Korobov, in 2016 and 2018 for attempted interference in the 2016 U.S. election and cyberattacks.

Australia and New Zealand backed the United Kingdom's findings on the GRU.

"Cyberspace is not the Wild West. The international community — including Russia — has agreed that international law and norms of responsible state behavior apply in cyberspace," Australia's Prime Minister Scott Morrison said. "By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate."

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news