GCSB exposes Russia's involvement in malicious cyber attacks

04 Oct 2018

New Zealand’s Government Communications Security Bureau (GCSB) and the UK's National Cyber Security Centre (NCSC) are pointing the finger squarely at the Russian government for its role in malicious cyber activity and spying on international political institutions, businesses, sporting organisations, and media.

Today the GCSB released an announcement saying it has ‘established clear links’ between the Russian government and the alleged activities through a process of attribution.

The GRU is the Russian military intelligence service and is known by a number of different names and attacks. APT28, Fancy Bear, Sofacy, STRONTIUM, Sednit, Pawnstorm, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, Tsar Team, and Sandworm are just a few.

The GRU’s cyber activities date back as far as 2015, when accounts belonging to a small UK-based TV station were hacked and stolen. 

In June 2016, attackers struck again, this time in a targeted attack against the United States Democratic National Committee. Attackers hacked documents and then published them online.

Just one month later in August 2016, the World Anti-Doping Agency (WADA) admitted that its Anti-Doping Administration and Management system was hacked. Attackers leaked private medical files belonging to high-profile athletes.

The fourth incident took place in October 2017 when the BadRabbit malware struck Russia and the Ukraine.

According to GCSB director-general Andrew Hampton, its robust attribution process demonstrates strong links between the four incidents and the Russian government.

“The nature of these campaigns is complex. The GCSB’s assessment found it was highly likely the GRU was behind the campaigns and that a number of cyber proxy groups associated with these incidents are actors of the Russian state,” Hampton explains.

The GCSB’s findings don’t stand alone: The United Kingdom’s National Cyber Security Centre (NCSC) has also released its own findings. They are consistent with GCSB findings and also attribute the attacks to the GRU.

A statement from UK Foreign Secretary Jeremy Hunt says that the attacks don’t serve any legitimate national security interest – instead they just disrupted people’s daily lives. 

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Hunt says.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

While New Zealand organisations were not directly affected by the four incidents the GCSB investigated, Hampton says that there are activities in New Zealand that can be linked to Russian state actors.

“Such behaviour is unacceptable – it is counter to New Zealand’s vision for an open, safe and secure cyberspace,” Hampton says.

“These incidents reinforce the need for New Zealand to have robust national systems to address cyber threats. Initiatives such as the GCSB’s CORTEX cyber defence capabilities and the proposed expansion of the Malware-Free Networks programme help protect our nationally significant organisations.”

The government says its Cyber Security Strategy refresh aims to ensure New Zealand is able to handle increasing numbers of cybersecurity threats.

The GCSB conducted research through its own cyber threat analysis and material from its partners.
