At one-minute past midnight on 4th October 2018 a statement came out from the British Government saying that the National Cyber Security Centre (NCSC) had “identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU.”
The GRU is the Russian Military Intelligence organisation also known as the Main Intelligence Directorate who have been accused of being responsible for the assassination attempt on Sergei Skripal in Salisbury in March this year.
Since then, the British Prime Minister Teresa May has openly accused the GRU of their involvement in the attack, saying the two attackers, Alexander Petrov and Ruslan Boshirov had flown into Gatwick on 02 March and out of Heathrow on 04 March and these names were almost certainly pseudonyms.
The investigative journalism website Bellingcat went on to expose the real identity of the man who travelled under the name Ruslan Boshirov as Colonel Anatoliy Chepiga, a highly decorated GRU Officer who had received the Hero of the Russian Federation award in 2014.
In what Philip Ingram MBE a former British Colonel in British Military Intelligence believes is a swipe at the GRU the head of the Russian Foreign Intelligence Service, Sergey Naryshkin, when he said the Salisbury attack was “unprofessionally done.”
Almost sensing the GRU is ‘on the ropes’, openly outed for the Skripal attack, embarrassed by the ease with which investigative journalists with Bellingcat managed to expose serious flaws in the administration of their secret agents and expose the real identity of one of their highly decorated agents, linking him to Salisbury, for the first time, the UK authorities have come out fighting.
Four Russian citizens, who allegedly attempted to hack the Organization for the Prohibition of Chemical Weapons in The Hague are seen in this handout picture released on October 4, 2018. Ministerie van Defensie/Handout via REUTERS
What is the GRU accused of this time?
The NCSC has attributed a number of recent attacks to the GRU. The October 2017, BadRabbit ransomware attack encrypted hard drives and rendered IT inoperable. This caused disruption including to the Kyiv metro, Odessa airport, but was almost an own goal as it also caused disruption at Russia’s central bank and two Russian media outlets. NCSC assess with high confidence that the GRU was almost certainly responsible.
In August 2017, confidential medical files relating to a number of international athletes, including the cyclist Sir Bradley Wiggins were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system. NCSC assess with high confidence that the GRU was almost certainly responsible.
In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online. NCSC assess with high confidence that the GRU was almost certainly responsible.
Of interest in July 2018 the team of special investigator Robert Mueller named 12 apparent GRU officers over the alleged hacking and leaking of Democratic party emails.
Between July and August 2015, multiple email accounts belonging to a small UK-based TV station were accessed and content stolen. NCSC assess with high confidence that the GRU was almost certainly responsible.
This is not the first time the GRU has been accused.
In June 2017 a destructive cyber attack targeted the Ukrainian financial, energy and government sectors but spread further affecting other European and Russian businesses. The UK Government attributed this attack to the GRU in February 2018. NCSC assess with high confidence that the GRU was almost certainly responsible.
In October 2017, VPN FILTER malware infected thousands of home and small business routers and network devices worldwide. The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic.
In April 2018, the NCSC, FBI and Department for Homeland Security issued a joint Technical Alert about this activity by Russian state-sponsored actors.
The Foreign Secretary, Jeremy Hunt said:
“These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.”
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
The UK is not alone with accusing the GRU and last night the Australians came out to support the UK statement. Of note, the Australians are part of the 5 eyes community. This is an intelligence-sharing community of the US, UK, Canadians, Australians and New Zealand.
Timing is of interest as it is almost certainly a swipe at President Putin, waning him off interfering with the US midterm elections due on 6th November 2018.
The UK Prime Minister said in Parliament on 5 September 2018, the UK will work with our allies to shine a light on the activities of the GRU and expose their methods.
Her dancing queen speech in Birmingham is turning into her Rocky Balboa attack on the GRU, for the first time she is taking the fight to the Russians.
The announcement this morning by the Major General Onno Eichelsheim from the Dutch MIVD intelligence service regarding the expulsion of 4 GRU agents who were targeting the OPCW in the Netherlands is significant in it shows the international community joining Teresa May in ‘the ring’ helping with the fight against the Russians in an unprecedented way.
Of significance, what is being exposed are some very bad ‘drills’ by the GRU operatives and this reinforces Sergey Naryshkin comments that the Skripal attack was ‘unprofessionally done.’
Note: This blog is written by Philip Ingram MBE, a former Colonel in British Military Intelligence, who was based near Salisbury and has assessed Russian activity for many years. If you would like any further comment from Philip, please contact him by clicking HERE