UK pins 'reckless campaign of cyber attacks' on Russian military intelligence

We know it was GRU

The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties.

In the bulletin, the UK government's National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU.

This comes in the wake of long-standing concerns that Russia was breaking international norms in cyberspace. The document, speaking for intelligence chiefs in the UK and its closest allies, publicly blames the Kremlin for hacking the US Democratic Party during the country's 2016 presidential election, among much else.

GRU (not to be confused with the Despicable Me character) is "engaged in indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport", the alert stated. It continued:

The National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU...

Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.

This campaign by the GRU shows that it is working in secret to undermine international law and international institutions.

The UK and US governments previously blamed the Kremlin for the NotPetya and VPNFilter attacks, based on assessments by their respective intelligence agencies. The rap sheet was lengthened today when the NCSC also attributed to the GRU the BadRabbit ransomware attack of October 2017, the hack on anti-doping agency WADA, and the hack and leak of Democratic National Committee documents during the US presidential election campaign two years ago.

NCSC assessed with "high confidence that the GRU was almost certainly responsible" for all three attacks. The same level of confidence is attached to a "hack against email accounts belonging to a small (unnamed) UK-based TV station".

The finger pointing comes amid increased tension between the UK and Russia over the poisoning of Sergei Skripal in Salisbury, also blamed by the Brits on GRU operatives. American prosecutors have indicted 12 Russian intelligence officers for hacking Democratic Party and Hillary Clinton campaign officials. The accused are all allegedly GRU officers, drawn from two of its units, 26165 and 74455.

Foreign secretary Jeremy Hunt, whose ministerial responsibilities include GCHQ and NCSC, said: "The GRU's actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences."

The GRU's hacking units are known by numerous pseudonyms, including APT28, Fancy Bear and CyberCaliphate, the guise under which the group hacked French broadcaster TV5Monde back in April 2015. NCSC's alert was accompanied by the publication of a technical advisory on Indicators of Compromise for malware used by APT28, so that defenders can sweep their own estates for the listed hashes, domains and addresses.
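The practical step that follows an IOC advisory is the sweep itself: take the appendix of hashes, domains and addresses and run it over file hashes and logs. The script below is an added example, not the NCSC's advisory or any of its indicators; the IOC appendix, the "file" contents and the log lines are all constructed for illustration. It goes slightly beyond a literal string match in the two ways that matter in practice: a listed domain also matches its subdomains (but not a look-alike that merely ends with the same letters), and a listed address may be a CIDR range, matched with Python's ipaddress module.

```python
"""Sweep constructed evidence for a constructed IOC list (added example; not
the NCSC advisory and not its indicators)."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    kind: str       # "sha256", "domain" or "ip"
    indicator: str  # the IOC value (or CIDR) that matched
    evidence: str   # file name or log line that produced the hit


# Constructed sample "files"; the malicious one's hash becomes an IOC below.
SAMPLE_MALICIOUS = b"constructed malicious sample, not real malware"
SAMPLE_BENIGN = b"constructed benign file"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed IOC appendix in the "type,value" layout advisories commonly use.
# Every value is made up for this example; none come from the NCSC advisory.
IOC_TEXT = f"""\
# type,value
sha256,{sha256_hex(SAMPLE_MALICIOUS)}
domain,update-checker.example
domain,Mail-Settings.Example.
ip,203.0.113.77
ip,198.51.100.0/24
"""

# Constructed DNS and firewall log lines to sweep.
SAMPLE_LOG = [
    "2018-10-04T09:12:01Z host7 query A cdn.update-checker.example",
    "2018-10-04T09:12:02Z host7 query A notupdate-checker.example",
    "2018-10-04T09:12:03Z host7 query MX mail-settings.example.",
    "2018-10-04T09:13:10Z fw allow tcp 10.0.0.5:51234 -> 198.51.100.9:443",
    "2018-10-04T09:13:11Z fw allow tcp 10.0.0.5:51235 -> 192.0.2.10:443",
]


def parse_iocs(text: str) -> dict:
    """Parse the appendix into normalised indicator sets (case, trailing dots, CIDR)."""
    iocs = {"sha256": set(), "domain": set(), "ip": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, value = line.partition(",")
        kind, value = kind.strip().lower(), value.strip()
        if kind == "sha256":
            iocs["sha256"].add(value.lower())
        elif kind == "domain":
            iocs["domain"].add(value.lower().rstrip("."))
        elif kind == "ip":
            # A bare address becomes a /32; a CIDR is kept as a network.
            iocs["ip"].append(ipaddress.ip_network(value, strict=False))
        # Unknown indicator types are ignored rather than mis-filed.
    return iocs


def domain_matches(name: str, ioc_domain: str) -> bool:
    """Exact or subdomain match: cdn.bad.example hits bad.example, notbad.example does not."""
    name = name.lower().rstrip(".")
    return name == ioc_domain or name.endswith("." + ioc_domain)


def scan_files(files: dict, iocs: dict) -> list:
    """Hash each file's bytes and report those whose digest is listed."""
    hits = []
    for name, data in files.items():
        digest = sha256_hex(data)
        if digest in iocs["sha256"]:
            hits.append(Hit("sha256", digest, name))
    return hits


DNS_RE = re.compile(r"\bquery\s+\w+\s+(?P<name>[A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_log(lines, iocs: dict) -> list:
    """Report DNS names under a listed domain and IPv4 addresses inside a listed range."""
    hits = []
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            for d in iocs["domain"]:
                if domain_matches(m.group("name"), d):
                    hits.append(Hit("domain", d, line))
        for ip_text in IP_RE.findall(line):
            try:
                addr = ipaddress.ip_address(ip_text)
            except ValueError:  # e.g. 999.1.1.1 matched the regex but is not an address
                continue
            for net in iocs["ip"]:
                if addr in net:
                    hits.append(Hit("ip", str(net), line))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for hit in scan_files({"a.bin": SAMPLE_MALICIOUS, "b.bin": SAMPLE_BENIGN}, iocs):
        print(hit)
    for hit in scan_log(SAMPLE_LOG, iocs):
        print(hit)
```

Run as-is it reports one file hit and three log hits (two domains, one address inside the /24). The look-alike `notupdate-checker.example` is correctly left alone, which is the usual false positive when a sweep is done with a naive substring search.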

APT28 has returned to covert intelligence gathering and adapted its tactics to stay more in the shadows. Its latest targets include a "well-known international organisation, military targets and governments in Europe, a government of a South American country, and an embassy belonging to an Eastern European country," according to new research from Symantec, released on Thursday.

The Russian hacking crew has also begun experimenting with LoJax, a UEFI (Unified Extensible Firmware Interface) rootkit documented by security firm ESET and previously reported here. Because it implants itself in the machine's firmware flash rather than on disk, it survives reinstalling the operating system or replacing the hard drive.

Fancy Bear, which has also been studied by private security firms, has been active for at least 10 years and has chiefly targeted Western governments and other organisations in apparent furtherance of Russian foreign policy objectives. Its tactics have evolved over the years but there are some common themes (such as targeted phishing attacks) and tools.

Ollie Whitehouse, global chief technical officer at information assurance firm NCC Group, commented: "The techniques used by the GRU are varied, and their tradecraft is evolving. The main goal of the group is ultimately to use credentials gained through successful attacks to access sensitive information for a wide range of current and future applications, from data theft in the guise of emails and documents through to potential disruption." ®

Biting the hand that feeds IT © 1998–2022