National Cyber Security Centre
Reckless campaign of cyber attacks by Russian military intelligence service exposed
Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.
The National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU. These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.
This campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
The Foreign Secretary, Jeremy Hunt said:
“These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
Today, the UK and its allies are once again united in demonstrating that the international community will stand up against irresponsible cyber attacks by other Governments and that we will work together to respond to them. The British Government will continue to do whatever is necessary to keep our people safe.
As the Prime Minister said in Parliament on 5 September 2018, the UK will work with our allies to shine a light on the activities of the GRU and expose their methods.
The UK’s National Cyber Security Centre assess that the GRU is almost certainly the cyber actors listed below. Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.
The GRU are associated with the names:
- APT 28
- Fancy Bear
- Cyber Berkut
- Voodoo Bear
- BlackEnergy Actors
- Tsar Team
|In October 2017, BadRabbit ransomware encrypted hard drives and rendered IT inoperable. This caused disruption including to the Kyiv metro, Odessa airport, Russia’s central bank and two Russian media outlets.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In August 2017, confidential medical files relating to a number of international athletes were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|Between July and August 2015 multiple email accounts belonging to a small UK-based TV station were accessed and content stolen.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In June 2017 a destructive cyber attack targeted the Ukrainian financial, energy and government sectors but spread further affecting other European and Russian businesses.||The UK Government attributed this attack to the GRU in February 2018. NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In October 2017, VPNFILTER malware infected thousands of home and small business routers and network devices worldwide. The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic.||In April 2018, the NCSC, FBI and Department for Homeland Security issued a joint Technical Alert about this activity by Russian state-sponsored actors.|
The NCSC has issued a technical advisory: Indicators of Compromise for Malware used by APT28.
Latest News from
National Cyber Security Centre
Ciaran Martin's speech at the Annual Review 2018 launch17/10/2018 11:42:00
Ciaran Martin speaking at the launch event for the 2018 Annual Review (16th October)
NCSC deals with 1,100 cyber attacks in first two years17/10/2018 09:15:00
On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week.
Annual Review 201816/10/2018 13:15:00
The Annual Review 2018 – the story of the second year of operations at the National Cyber Security Centre.
Gloucester children to benefit from groundbreaking cyber hub15/10/2018 15:05:00
Children in Gloucester will benefit from an innovative cyber environment in one of the NCSC's latest Cyber School Hubs.
Top cyber diplomat celebrated as “trailblazing”11/10/2018 13:22:00
Cyber expert Sarah Taylor given Marie Claire Future Shaper Award.
NCSC response and advice following Facebook cyber incident01/10/2018 13:20:00
An official statement from the National Cyber Security Centre after Facebook announced a security issue affecting almost 50 million accounts.
NCSC releases core questions to help Britain's biggest boards understand their cyber risk13/09/2018 16:15:00
Speaking at the annual CBI Cyber Security: Business Insight Conference 2018, Ciaran Martin offered boards five questions that will help them to prepare for a cyber attack.
Ciaran Martin's speech at the CBI Cyber Conference13/09/2018 13:15:00
Ciaran Martin, CEO of the National Cyber Security Centre, speaking on 12 September at the CBI Cyber Conference.