Russia cyberattacks - as it happened: GRU accused of targeting Dutch chemical weapons body and Porton Down
GRU also blamed for attacks targeting Foreign Office, MH17 investigation and anti-doping conference
Your support helps us to tell the story
This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.
The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.
Help us keep bring these critical stories to light. Your support makes all the difference.
The Dutch government has said it disrupted an attempt by Russian intelligence agents to hack the international chemical weapons watchdog as it investigated the Salisbury nerve agent attack.
Four Russians were expelled from the Netherlands after the plan was uncovered in April.
At the time, the Organisation for the Prohibition of Chemical Weapons (OPCW) was working to verify the identity of the substance used in the attack against the former Russian spy, Sergei Skripal, and his daughter, Yulia.
It was also seeking to verify the identity of a substance used in a chemical attack in Douma, Syria.
Britain’s defence secretary, Gavin Williamson, branded a series of global cyberattacks blamed on Russia as the reckless actions of a “pariah state,” saying the UK and its Nato allies would uncover such activities in the future.
“Where Russia acts in an indiscriminate and reckless way, where they have done in terms of these cyberattacks, we will be exposing them,” Mr Williamson said at talks in Brussels with the US defence secretary, James Mattis, and their Nato counterparts.
Additional reporting by agencies
Handout from Dutch Defence Ministry shows parts of Russian diplomatic passports of alleged Russian agents
The defence secretary, Gavin Williamson, said he welcomes the Dutch operation, and that the UK "stands solidly" with them.
"Unfortunately, the case highlighted by the Dutch was not an isolated act. Earlier today, the British government exposed a campaign of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport," he said.
"We identified that these attacks were, in fact, the GRU. They served no legitimate national security interest. Instead they targeted people going about their daily lives; and international organisations, like the OPCW, whose work represents the global community's shared values.
"All these cases are further examples of a pattern of reckless behaviour. It is the Russian state that bears the grave responsibility for actions of the GRU.
"We can no longer allow the GRU to act aggressively across the world with apparent impunity. We will not tolerate their aggressive behaviour and, together with our allies, we will expose and respond to their attempts to undermine international solidarity."
The Foreign Office has tweeted a thread with the latest information on the Russian cyber attack on the Organisation for the Prohibition of Chemical Weapons (OPCW).
It posted: "Thread: The attempted hacking of the Organisation for the Prohibition of Chemical Weapons (OPCW) by the Russian Military Intelligence Service - the GRU - part of a sustained pattern of hostile cyberspace activity. What we know.
"The attempted hacking happened in April. Around that time, the OPCW was working to independently verify the UK's analysis of the chemical used in the poisoning of the Skripals in Salisbury. The OPCW confirmed the UK's analysis.
"This operation in The Hague by the GRU was not an isolated act. The Unit involved, known in the Russian military as Unit 26165, has sent officers around the world to conduct brazen close access cyber operations.
"One of the GRU officers who was escorted out of the country by Dutch authorities, Yevgeniy Serebriakov, also conducted malign activity in Malaysia.
"This GRU operation was trying to collect information about the MH-17 investigation, and it targeted Malaysian government institutions including the Attorney General's office and the Royal Malaysian Police.
"We also know that the GRU officers who were stopped in The Hague planned to travel on to the OPCW designated laboratory in Spiez. This wouldn't have been the first time they'd travelled to Switzerland.
"Intelligence collected from a laptop that belonged to one of the GRU officers disrupted in The Hague, shows that it had connected to WiFi at the Alpha Palmiers Hotel in Lausanne in September 2016 - where a WADA conference was taking place.
"That conference was attended by officials from the International Olympic Committee and the Canadian Centre for Ethics in Sport. They found themselves the victims of a cyber-attack."
The Foreign Office thread continued: "One official from the Canadian Centre had their laptop compromised by 'APT28' malware; this was probably deployed by an actor connected to the same hotel WIFI network.
"The British Government has publicly revealed that APT28 and a number of other cyber actors, widely known to have been conducting cyber-attacks around the world, are in fact the GRU.
"The officers disrupted in The Hague are part of the same Unit of the GRU - 26165 - which is responsible for APT28.
"Another of the cyber actors identified as the GRU was Sandworm, which was active in the wake of the Salisbury attack. They were behind the following:
"In March, straight after the Salisbury attack, the GRU attempted to compromise UK Foreign and Commonwealth Office computer systems via a spear phishing attack.
"In April, GRU intrusions targeted both the computers of the UK Defence and Science Technology Laboratory and the Organisation for the Prohibition of Chemical Weapons.
"In May, GRU hackers sent spear phishing emails which impersonated Swiss federal authorities to target OPCW employees directly, and thus OPCW computer systems.
"These cyber-attacks were carried out remotely - by GRU teams based within Russia.
"The GRU has also interfered in free elections and pursued a hostile campaign of cyber-attacks against state and civilian targets.
"With its aggressive cyber campaigns, we see the GRU trying to clean up Russia's own mess - be it the doping uncovered by WADA or the nerve agent identified by the OPCW.
"Alongside our allies, the United Kingdom is committed to confronting, exposing and disrupting the GRU's activity."
A senior Russian MP has lashed out against claims of alleged cybercrimes by the Russian military intelligence, saying they are intended to smear Russia.
Konstantin Kosachev, the head of the foreign affairs committee in the upper house of Russian parliament, denounced the accusations as fake, saying they are intended to "delegitimise Russia" and pave the way for using any illegitimate means against it.
He argued that the West has picked up the GRU as "a modern analogue of the KGB which served as a bugaboo for people in the West during the Cold War."
The highest court in world sports has said it is "good to know" Russian hackers who allegedly attacked its website during the 2016 Rio de Janeiro Olympics have been identified.
The Switzerland-based Court of Arbitration for Sport processed dozens of doping and Olympic eligibility cases involving Russian athletes in the days before and during the games held 5-12 August two years ago.
A US Department of Justice indictment against seven Russians unsealed on Thursday alleged they registered a fake domain similar to the one for the sports court's official website and two suspects "conducted online reconnaissance efforts targeting CAS email accounts."
In a statement, the court said its "servers were resistant enough to ensure data protection."
The indictment says defendant Ivan Yermakov also targeted a hotel chain that operated the Rio property where the sports court had a dedicated Olympic tribunal.
The World Anti-Doping Agency has welcomed the US indictment of Russians accused of hacking sports organisations and releasing athletes' medical records.
WADA said the alleged hackers "sought to violate athletes' rights by exposing personal and private data - often then modifying them - and ultimately undermine the work of WADA and its partners in the protection of clean sport."
It said it was "pleased to collaborate" with the investigation and has tightened up security since it was hacked in 2016.
WADA, the US Anti-Doping Agency and the Canadian anti-doping agency were all named as victims in a US Department of Justice indictment against seven Russian intelligence agents that was unsealed Thursday.
Travis Tygart, the CEO of the US anti-doping agency and a prominent critic of Russian athletes' drug use, said "a system that was abusing its own athletes with an institutionalized doping program has now been indicted for perpetrating cyberattacks on innocent athletes from around the world."
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments