New cyber attacks committed by GRU, UK intelligence believes

Four new attacks have been associated with the GRU by the UK’s National Cyber Security Centre (NCSC).

These include a series of attacks on Russian and Ukrainian transport, media and banks, and a separate attack made on a database of international athletes, in 2017.

The third attack was on an American political party’s governing body, the Democratic National Committee (DNC), and the fourth on a small UK TV network, both in 2016.

GRU hackers operate under a dozen different names, with the most well-known being Fancy Bear.

  • APT 28
  • Fancy Bear
  • Sofacy
  • Pawnstorm
  • Sednit
  • CyberCaliphate
  • Cyber Berkut
  • Voodoo Bear
  • BlackEnergy Actors
  • STRONTIUM
  • Tsar Team
  • Sandworm

The NCSC assesses “with high confidence” the GRU was “almost certainly responsible” for the following recent attacks.

The latest involved BadRabbit ransomware, which encrypts the contents of a computer and demands payment – in this case 0.05 bitcoins, or £213.

The attack “caused disruption” to Ukraine’s Kyiv metro and Odessa airport, as well as Russia’s central bank.

The ransomware also hit two privately-owned Russian media outlets, St Petersburg-based Fontanka.ru and news agency Interfax, whose website was still down 24 hours after the attack in October last year.

British cyclists Bradley Wiggins and Chris Froome were among those who had records released on their use of banned substances for a legitimate medical reason.

WADA confirmed the records were from its Anti-Doping Administration and Management system, hacked using a “spear phishing” method to gain the password.

The hacking group claimed to be “exposing the athletes who violate the principles of fair play by taking doping substances” but WADA said the attack was “a cheap shot at innocent athletes”.

A third attack was made on the USA Democrat party (Steve Parsons/PA)

A closed-door briefing to Senators reportedly saw American intelligence service the CIA declare it was “quite clear” that electing Donald Trump was Russia’s goal.

They also reportedly said Russian hackers had hacked the Republican National Committee but chose not to leak the information obtained.

The fourth attack was on an unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen.

Hackers are understood to have been monitoring internal communications about any stories coming in or being discussed by journalists.

Previous attacks include the targeting of Ukrainian financial, energy and government sectors, which the UK Government attributed to the GRU in February 2018.

VPNFILTER malware infected thousands of home and small business routers and network devices worldwide in October 2017, which allowed attackers to control infected devices, render them inoperable and intercept or block network traffic.

A joint technical alert on activity by Russian state-sponsored actors was issued by the NCSC, FBI and Department for Homeland Security in April 2018.
