
GCSB exposes Russia's involvement in malicious cyber attacks

04 Oct 2018

New Zealand’s Government Communications Security Bureau (GCSB) and the UK's National Cyber Security Centre (NCSC) are pointing the finger squarely at the Russian government for its role in malicious cyber activity and spying on international political institutions, businesses, sporting organisations, and media.

Today the GCSB released an announcement saying it has ‘established clear links’ between the Russian government and the alleged activities through a process of attribution.

The GRU is the Russian military intelligence service and is known by a number of different names and attacks. APT28, Fancy Bear, Sofacy, STRONTIUM, Sednit, Pawnstorm, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, Tsar Team, and Sandworm are just a few.

The GRU’s cyber activities date back as far as 2015, when accounts belonging to a small UK-based TV station were hacked and stolen. 

In June 2016, attackers struck again, this time in a targeted attack against the United States Democratic National Committee. Attackers hacked documents and then published them online.

Just one month later in August 2016, the World Anti-Doping Agency (WADA) admitted that its Anti-Doping Administration and Management system was hacked. Attackers leaked private medical files belonging to high-profile athletes.

The fourth incident took place in October 2017 when the BadRabbit malware struck Russia and the Ukraine.

According to GCSB director-general Andrew Hampton, its robust attribution process demonstrates strong links between the four incidents and the Russian government.

“The nature of these campaigns is complex. The GCSB’s assessment found it was highly likely the GRU was behind the campaigns and that a number of cyber proxy groups associated with these incidents are actors of the Russian state,” Hampton explains.

The GCSB’s findings don’t stand alone: The United Kingdom’s National Cyber Security Centre (NCSC) has also released its own findings. They are consistent with GCSB findings and also attribute the attacks to the GRU.

A statement from UK Foreign Secretary Jeremy Hunt says that the attacks don’t serve any legitimate national security interest – instead they just disrupted people’s daily lives. 

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Hunt says.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

While New Zealand organisations were not directly affected by the four incidents the GCSB investigated, Hampton says that there are activities in New Zealand that can be linked to Russian state actors.

“Such behaviour is unacceptable – it is counter to New Zealand’s vision for an open, safe and secure cyberspace,” Hampton says.

“These incidents reinforce the need for New Zealand to have robust national systems to address cyber threats. Initiatives such as the GCSB’s CORTEX cyber defence capabilities and the proposed expansion of the Malware-Free Networks programme help protect our nationally significant organisations.”

The government says its Cyber Security Strategy refresh aims to ensure New Zealand is able to handle increasing numbers of cybersecurity threats.

The GCSB conducted research through its own cyber threat analysis and material from its partners.
