Who are the Russian hackers named by UK government?

The British government has directly accused Russia’s GRU military intelligence agency of being behind a spate of “reckless and indiscriminate cyberattacks” across the world.

A new report by the UK’s National Cyber Security Centre accuses Russian intelligence services of masterminding six acts of cyberwarfare that served no legitimate Russian national security interests.

In an unprecedented statement, Foreign Secretary Jeremy Hunt said: “The GRU’s actions are reckless and indiscriminate. They try to undermine and interfere in elections in other countries, they are even prepared to damage Russian companies and Russian citizens.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

“This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms, and to do so with a feeling of impunity and without consequences.

“Our message is clear - together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

The UK Foreign Office has identified 12 code-named hacking groups believed to be linked to the GRU - Fancy Bear, Voodoo Bear, APT28, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berku, BlackEnergy Actors, STRONTIUM, Tsar Team and Sandworm.

“Some of the groups are well known, like Fancy Bear, and others less well known,” says the BBC’s Gordon Corera. “The British statement puts them all together in one place and confirms that in the view of British intelligence, they all belong to the GRU.”

The alleged attacks by the intelligence agency include the hacking of the US Democratic National Committee in 2016, which resulted in a mass leak of private emails and message logs from party officials.

Also on the list is the hacking of an unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen.

And UK cyber experts believe the GRU was almost certainly behind the Bad Rabbit ransomware attack last year, which “targeted a Ukrainian international airport and Russian media outlets, as well as the hacking of the World Anti-Doping Agency in Switzerland”, says the Radio Free Europe/Radio Liberty news site.

Former UK diplomat Lord Ricketts told the BBC that Russia may have targeted the doping watchdog “to distract from the very serious allegations about Russian athletes”, while the Ukraine attack was probably intended to “destabilise” the region.

But some of the other attacks appear to have been random, Ricketts added, and might have been part of a “pilot project” to “see what they can do at a point where they wanted to use” cyberwarfare.

Professor Malcolm Chalmers of London-based defence think-tank Rusi told The Guardian: “Most intelligence services try to gain advantage through stealing the secrets of their adversaries. But the GRU’s activities go well beyond this traditional peacetime espionage role.

“By launching disruptive operations that threaten life in target societies, they blur the line between war and peace.”

The allegations in the new report “are bound to be dismissed as propaganda by Russia, but experts claim [Russian President Vladimir] Putin would be taken aback by the depth of the exposure of his intelligence service’s actions”, adds the newspaper.