Thursday 04 Oct 2018 @ 14:25
Foreign and Commonwealth Office
Printable version

Minister for Europe statement: attempted hacking of the OPCW by Russian military intelligence

UK Ambassador to The Netherlands Peter Wilson delivered a statement on behalf of Europe Minister Alan Duncan on the attempted hacking of the OPCW by the GRU.

I’d like to thank my Dutch colleagues and to make a few remarks. The United Kingdom and the Netherlands are close security partners, and our presence together today in The Hague underlines that.

The disruption

The disruption of this attempted attack on the Organisation for the Prohibition of Chemical Weapons (OPCW) was down to the expertise and professionalism of the Dutch security services, in partnership with the UK. The OPCW is a respected international organisation, which is working to rid the world of chemical weapons. Hostile action against it demonstrates complete disregard for its vital mission.

This disruption happened in April. Around that time, the OPCW was working to independently verify the UK’s analysis of the chemical used in the poisoning of the Skripals in Salisbury. As we know, the OPCW confirmed the UK’s analysis that a Novichok nerve agent was used in the Salisbury attack – which we now know for certain was carried out by serving GRU officers.

The OPCW was also due to conduct analysis of the chemical weapons attack in Douma on 7 April. This operation in The Hague by the GRU was not an isolated act. The Unit involved, known in the Russian military as Unit 26165, has sent officers around the world to conduct brazen close access cyber operations.

One of the GRU officers who was escorted out of the country by our Dutch colleagues, Yevgeniy Serebriakov, also conducted malign activity in Malaysia. This GRU operation there was trying to collect information about the MH17 investigation, and it targeted Malaysian government institutions including the Attorney General’s office and the Royal Malaysian Police.

As the General has just mentioned, we also know that the GRU officers who were stopped in The Hague planned to travel on to the OPCW designated laboratory in Spiez. This wouldn’t have been the first time they’d travelled to Switzerland. Intelligence collected from a laptop that belonged to one of the GRU officers disrupted in The Hague shows that it had connected to WiFi at the Alpha Palmiers Hotel in Lausanne in September 2016 – where a WADAconference was taking place.

That conference was attended by officials from the International Olympic Committee and the Canadian Center for Ethics in Sport. They found themselves the victims of a cyber attack. One official from the Canadian Center had their laptop compromised by ‘APT28’ malware; this was probably deployed by an actor connected to the same hotel WIFI network. Immediately after this laptop was compromised, the Center’s computer systems were infected more broadly by APT28 malware. Subsequently, APT28 actors also compromised the IP addresses of the International Olympic Committee.

APT28, Sandworm and Salisbury

Earlier today the British Government has publicly revealed that APT 28 and a number of other cyber actors, widely known to have been conducting cyber attacks around the world, are in fact the GRU.

The UK National Cyber Security Centre has made this assessment because of compelling technical evidence that links these actors’ operations to known GRU technical infrastructure. This leads them to assess that the GRU was almost certainly responsible for these actors’ attacks.

I want to make it completely clear: the officers disrupted in The Hague are part of the same Unit of the GRU – 26165 – which is responsible for APT28. Another of the cyber actors identified as the GRU was Sandworm, which was active in the wake of the Salisbury attack. I can reveal that they were behind the following attempted intrusions:

  • in March, straight after the Salisbury attack, the GRU attempted to compromise UK Foreign and Commonwealth Office computer systems via a spear phishing attack
  • in April, GRU intrusions targeted both the computers of the UK Defence and Science Technology Laboratory, as well as the Organisation for the Prohibition of Chemical Weapons
  • in May, GRU hackers sent spear phishing emails which impersonated Swiss federal authorities to target OPCW employees directly, and thus OPCWcomputer systems.

These cyber-attacks were carried out remotely – by GRU teams based within Russia.

Pattern of behaviour: the GRU

Alongside our allies, the United Kingdom is committed to confronting, exposing and disrupting the GRU’s activity. Their pattern of behaviour is exemplified by the reckless attempted operation against the OPCW’s headquarters here in The Hague, which was brilliantly disrupted by the Dutch security services. But its wider implications bear repeating.

As our attributions today have made clear, the GRU has interfered in free elections and pursued a hostile campaign of cyber-attacks against state and civilian targets.

Conclusion

The GRU is an aggressive, well-funded, official body of the Russian State. It can no longer be allowed to act aggressively across the world, and against vital international organisations, with apparent impunity.

I should repeat that this is a real and multi-faceted threat, conducted by both remote and proximate means. GRU officers do not just attempt to compromise our computer systems from their barracks in Moscow. As we have shown today:

  • they have operated on the streets of the Netherlands to target the OPCW
  • they travelled across the world under diplomatic cover to target the MH17 investigation in Malaysia and a WADA conference in Switzerland
  • and they operated in a quiet British city to apply a banned nerve agent to a door handle

With its aggressive cyber campaigns, we see the GRU trying to clean up Russia’s own mess – be it the doping uncovered by WADA or the nerve agent identified by the OPCW.

Our world-leading intelligence partnership and outstanding professionalism from the Dutch, British and allied security and intelligence communities have allowed us to disrupt and expose them.

On the basis of what we have learnt in the Salisbury investigation – and what we know about this organisation more broadly – we are now stepping up our collective efforts against malign activity, and specifically against the GRU.

We will increase further our understanding of what the GRU is doing, and attempting to do, in our countries. We will shine a light on their activities. We will expose their methods and we will share this with our allies. This includes strengthening international organisations, and working to protect other potential targets from further harm.

Through our institutions, including the EU, we will work with allies to update sanctions regimes to deter and respond to the use of chemical weapons, we will combat hostile activity in cyberspace, and we will punish human rights abuse.

The GRU can only succeed in the shadows. We all agree that where we see their malign activity, we must expose it together. And we will.

Related content

Cyber security

Foreign affairs

National security

World locations

 

Channel website: https://www.gov.uk/government/organisations/foreign-commonwealth-office

Original article link: https://www.gov.uk/government/speeches/minister-for-europe-statement-attempted-hacking-of-the-opcw-by-russian-military-intelligence

Share this article

Latest News from
Foreign and Commonwealth Office

UK and U.S. to clamp down harder on the trade of Russian metals

15/04/2024 11:14:00

The recent (12 April 2024) action brings the world’s two largest metal exchanges into the scope of existing bans.

UK appoints first blind ambassador to serve overseas

15/04/2024 09:10:00

Victoria Harrison will become UK ambassador to Slovenia in August 2024, accompanied by her guide dog Otto.

UK reaffirms commitment to Arctic security and prosperity

11/04/2024 15:15:00

The UK’s commitment to international collaboration in the Arctic will be the focus for Americas Minister David Rutley on his first visit to Alaska

UK to boost aid support for Gaza by sea

08/04/2024 12:10:00

UK government announces new package of military and civilian support to set up a maritime aid corridor to Gaza.

UK announces life-saving support for women and girls in Tanzania

04/04/2024 15:05:00

The Minister for Development and Africa Andrew Mitchell has announced new UK support to Tanzania to help save lives and unlock investment.

UK backing leading physicist Professor Mark Thomson to lead CERN

03/04/2024 15:12:00

The UK government is announcing its support for the renowned particle physicist Professor Mark Thomson, to be the next Director-General of CERN.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

02/04/2024 15:10:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:25:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

UK and Australia celebrate closer ties with AUKUS progress and new defence treaty

22/03/2024 14:10:00

UK and Australia ties are stronger than ever following a successful defence and foreign policy summit in Canberra.

Exclusive offers, deals and discounts available to public sector staff, past and present!