The UK government has accused Russia’s military intelligence service of being behind four high-profile cyber-attacks.
The National Cyber Security Centre says targets included firms in Russia and Ukraine; the US Democratic Party; and a small TV network in the UK.
A Russian foreign ministry spokeswoman described the accusation as a “rich fantasy of our colleagues from Britain”.
World Anti-Doping Agency computers are also said to have been attacked.
Files later emerged showing how British cyclists Sir Bradley Wiggins and Chris Froome had used banned substances for legitimate medical reasons.
At the time, some of the attacks were linked to Russia – but this is the first time the UK has singled out the GRU, the Russian military intelligence service.
British police think the men who carried out the Salisbury poisoning in March worked for the same group.
Speaking on behalf of the Russian foreign ministry, Maria Zakharova said the UK’s accusations were “mixed in one perfume bottle”, adding: “Maybe a Nina Ricci bottle: GRU, WADA, Kremlin hackers – it’s a diabolical perfume.”
But Defence Minister Gavin Williamson condemned Russia as a “pariah state”, and said Moscow’s “reckless and indiscriminate” attacks had left it isolated in the international community.
The NCSC said it has assessed “with high confidence” that the GRU was “almost certainly responsible” for the cyber-attacks.
Foreign Secretary Jeremy Hunt said the GRU had waged a campaign of “indiscriminate and reckless” cyber strikes that served “no legitimate national security interest”.
Cyber security consultant Andrew Tsonchev said individuals can get “caught up” in the attacks.
He said: “The more obvious and urgent effect that people need to be aware of is that the services they use – the essential services – are at risk and are actively being targeted for sabotage.”
What is the GRU accused of?
The NCSC says hackers from the GRU, operating under a dozen different names – including Fancy Bear – targeted:
- The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes’ data was later published
- The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia
- Ukraine’s Kyiv metro and Odessa airport, Russia’s central bank, and two privately-owned Russian media outlets – Fontanka.ru and news agency Interfax – in October 2017. They used ransomware to encrypt the contents of a computer and demand payment
- An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen
Former UK diplomat Lord Ricketts said it was likely the Russians targeted Wada “to distract from the very serious allegations about Russian athletes”, and targeted the Ukraine as they were trying to “destabilise” the region.
But he added other attacks seemed random and might have been part of a “pilot project” to “see what they can do at a point where they wanted to use” cyber warfare.
What has the UK government said?
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” said Foreign Secretary Jeremy Hunt.
“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
Lord Ricketts believes rather than the UK participating in an offensive cyber counterattack, the government should continue targeting “dodgy Russian money” with economic sanctions.
By Gordon Corera, BBC security correspondent
Today’s statement is part of a drive by Britain to keep the pressure on the Russian state and specifically on Russia’s military intelligence outfit – the GRU.
Some of these cyber-attacks had been previously attributed by private sector researchers to Russia. Britain had also attributed other cyber-attacks to Russia.
But for the first time British intelligence has singled out the GRU – and not just the Russian state – as specifically responsible for a series of events which hit a wide range of targets.
The statement also collates the range of names that have been publicly linked to the GRU by different security researchers.
Some are well known, like Fancy Bear, and others less well known. The British statement puts them all together in one place and confirms that in the view of British intelligence they all belong to the GRU.
Do other countries carry out cyber attacks?
Russia is not the only state to have been accused of cyber-attacks.
- The UK blamed the Wannacry ransomware incident on North Korean actors in December 2017, as did the US, Australia, Canada, New Zealand, Denmark and Japan
- In March this year, Britain blamed a campaign targeting universities around the world, including in the UK, on the Mabna Institute based in Iran
- China-based groups linked to the state were accused of hacking UK think tanks last year by a US cyber-security company which investigated
- In April, the UK said it had conducted a “major offensive cyber-campaign” against the Islamic State group.
What is the GRU?
The GRU, also known as the Main Intelligence Directorate, is the intelligence arm of the Russian military.
It is different to the former KGB (now known as the SVR and FSB) as it conducts undercover military operations and collects intelligence operations around the globe.
In recent years the GRU has been accused of undercover involvement in the conflict in Ukraine, which saw the Russian annexation of Crimea in 2014.
It is believed that the two men accused of poisoning Russian ex-spy Sergei Skripal and his daughter Yulia, named as Alexander Petrov and Ruslan Boshirov, were GRU agents.