National Cyber Security Centre
UK and partners condemn GRU cyber attacks against Olympic and Paralympic Games
Russia warned by UK and allies against further destructive cyber attacks.
The UK yesterday (19th October) exposed malicious cyber activity from Russia’s GRU military intelligence service against organisations involved in the 2020 Olympic and Paralympic Games before they were postponed.
The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer.
The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.
The National Cyber Security Centre (NCSC) assesses with high confidence that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear.
Details were released after the US Department of Justice announced criminal charges against Russian military intelligence officers working for the GRU’s cyber unit for conducting cyber attacks against the 2018 Winter Games and other cyber attacks.
The Foreign Secretary Dominic Raab has issued a statement making clear that the Russian government cannot act with impunity.
Paul Chichester, the NCSC’s Director of Operations, yesterday said:
“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice.
“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people.
“We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyberspace.”
In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games.
The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.
The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks. Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption.
Latest News from
National Cyber Security Centre
NCSC response to speculation about cyber attacks on UK coronavirus research30/11/2020 14:05:00
NCSC statement on the media reports suggesting that hackers have tried to break into the systems of researchers AstraZeneca and the University of Oxford.
Black Friday shoppers urged to avoid handing cyber criminals early Christmas gift24/11/2020 16:15:00
The NCSC has updated guidance ahead of Black Friday to help people shop online securely.
NCSC Takedown Service23/11/2020 10:20:00
Takedown services remove sites and block any attack infrastructure to limit the harm that cyber attacks can cause.
NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response04/11/2020 16:15:00
The NCSC's fourth Annual Review reveals its ongoing work against cyber attacks, support for the UK during the coronavirus pandemic.
NCSC statement following US advisory on ransomware targeting of US health sector30/10/2020 16:15:00
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have published an advisory on the threat of Ryuk ransomware.
Code of Practice for Cyber Security and Safety in Engineering30/10/2020 12:43:00
The Institution of Engineering and Technology has published a Code of Practice with the support of the NCSC.
NCSC welcomes EU cyber sanctions against Russia following 2015 attack on Germany’s Parliament23/10/2020 13:15:00
EU cyber sanctions against Russia following a 2015 attack on Germany's Parliament have been welcomed by the NCSC.