New Zealand’s Government Communications Security Bureau (GCSB) and the UK's National Cyber Security Centre (NCSC) are the finger squarely at Russsian government for its role in malicious cyber activity and spying on international political institutions, businesses, sporting organisations, and media.
Today the GSCB released an announcement saying it has ‘established clear links’ between the Russian government and the alleged activities through a process of attribution.
The GRU is the Russian military intelligence service and is known by a number of different names and attacks. APT28, Fancy Bear, Sofacy, STRONTIUM, Sednit, Pawnstorm, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, Tsar Team, and Sandworm are just a few.
The GRU’s cyber activities date back as far as 2015, when accounts belonging to a small UK-based TV station were hacked and stolen.
In June 2016, attackers struck again, this time in a targeted attack against the United States Democratic national Committee. Attackers hacked documents and then published them online.
Just one month later in August 2016, The World Anti-Doping Agency (WADA) admitted that its Anti-Doping Administration and Management system was hacked. Attackers leaked private medical files belonging to high-profile athletes.
The fourth incident took place in October 2017 when the BadRabbit malware struck Russia and the Ukraine.
According to GCSB director-general Andrew Hampton, its robust attribution process demonstrates strong links between the four incidents and the Russian government.
"The nature of these campaigns is complex. The GCSB’s assessment found it was highly likely the GRU was behind the campaigns and that a number of cyber proxy groups associated with these incidents are actors of the Russian state,” Hampton explains.
The GCSB’s findings don’t stand alone: The United Kingdom’s National Cyber Security Centre (NCSC) has also released its own findings. They are consistent with GCSB findings and also attributes the attacks to the GRU.
A statement from UK Foreign Secretary Jeremy Hunt says that the attacks don’t serve any legitimate national security interest – instead they just disrupted people’s daily lives.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Hunt says.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
While New Zealand organisations were not directly affected by the four incidents the GCSB investigated, Hampton says that there are activities in New Zealand that can be linked to Russian state actors.
“Such behaviour is unacceptable – it is counter to New Zealand’s vision for an open, safe and secure cyberspace,” Hampton says.
“These incidents reinforce the need for New Zealand to have robust national systems to address cyber threats. Initiatives such as the GCSB’s CORTEX cyber defence capabilities and the proposed expansion of the Malware-Free Networks programme help protect our nationally significant organisations.”
The government says its Cyber Security Strategy refresh aims to ensure New Zealand is able to handling increasing numbers of cybersecurity threats.
The GCSB conducted research through its own cyber threat analysis and material from its partners.