National Cyber Security Centre
Reckless campaign of cyber attacks by Russian military intelligence service exposed
Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.
The National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU. These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.
This campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
The Foreign Secretary, Jeremy Hunt said:
“These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
Today, the UK and its allies are once again united in demonstrating that the international community will stand up against irresponsible cyber attacks by other Governments and that we will work together to respond to them. The British Government will continue to do whatever is necessary to keep our people safe.
As the Prime Minister said in Parliament on 5 September 2018, the UK will work with our allies to shine a light on the activities of the GRU and expose their methods.
The UK’s National Cyber Security Centre assess that the GRU is almost certainly the cyber actors listed below. Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.
The GRU are associated with the names:
- APT 28
- Fancy Bear
- Cyber Berkut
- Voodoo Bear
- BlackEnergy Actors
- Tsar Team
|In October 2017, BadRabbit ransomware encrypted hard drives and rendered IT inoperable. This caused disruption including to the Kyiv metro, Odessa airport, Russia’s central bank and two Russian media outlets.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In August 2017, confidential medical files relating to a number of international athletes were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|Between July and August 2015 multiple email accounts belonging to a small UK-based TV station were accessed and content stolen.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In June 2017 a destructive cyber attack targeted the Ukrainian financial, energy and government sectors but spread further affecting other European and Russian businesses.||The UK Government attributed this attack to the GRU in February 2018. NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In October 2017, VPNFILTER malware infected thousands of home and small business routers and network devices worldwide. The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic.||In April 2018, the NCSC, FBI and Department for Homeland Security issued a joint Technical Alert about this activity by Russian state-sponsored actors.|
The NCSC has issued a technical advisory: Indicators of Compromise for Malware used by APT28.
Latest News from
National Cyber Security Centre
Foreign Secretary condemns Russia's GRU after NCSC assessment of Georgian cyber attacks21/02/2020 16:15:00
The UK, Georgia and international partners have today exposed the GRU’s responsibility for a number of significant cyber attacks against Georgia last year.
UK condemns Russia's GRU over Georgia cyber-attacks21/02/2020 11:17:00
Foreign Secretary Dominic Raab calls out Russian campaign of unacceptable cyber-attacks against Georgia.
NCSC supports Northern Ireland’s push to strengthen cyber security capabilities19/02/2020 12:05:00
The Northern Ireland Cyber Security Centre is open and will work closely with the NCSC going forward.
Girlguiding take on cyber security challenges19/02/2020 10:15:00
The NCSC partners with Girlguiding South West England, as part of the drive to increase female representation in cyber security.
Advisory: Trickbot17/02/2020 10:10:00
How organisations can protect their networks from the ‘Trickbot’ banking trojan.
Schoolgirls across the UK show their cyber skills12/02/2020 16:15:00
Hundreds demonstrated their cyber security know-how during the co-ordinated series of competitions across the UK.
Development days open for CyberFirst Girls12/02/2020 10:43:00
Girls that entered the 2019 and 2020 CyberFirst Girls Competitions are now eligible to attend free Development Days across the UK.
CyberFirst Girls Competition – regional finals this Saturday07/02/2020 15:43:00
Across 18 UK venues, schoolgirls will be taking part in the Girls Competition semi-finals this weekend.