GRU

Russia planned cyber-attack on Tokyo Olympics

Dominic Raab condemns ‘cynical and reckless’ bid to disrupt Games, before they were postponed

The evidence is the first indication that Russia was prepared to go as far as to disrupt the summer Games, from which all Russian competitors had been excluded because of persistent state-sponsored doping offences

.spg
SPORT PRESS GROUP

Russian military intelligence services were planning a cyber-attack on the Japanese-hosted Olympics and Paralympics in Tokyo this summer in an attempt to disrupt the world’s premier sporting event, the UK National Cyber Security Centre has revealed, disclosing a joint operation with the US intelligence agencies.

The Russian cyber-reconnaissance work covered the Games organizers, logistics services and sponsors and was under way before the Olympics was postponed due to coronavirus.

Many previous ascribed Russian cyber-attacks have been against the state institutions of Moscow’s political opponents, but some cyber-activity has been directed at the agencies conducting inquiries into Russian sports doping.

The evidence is the first indication that Russia was prepared to go as far as to disrupt the summer Games, from which all Russian competitors had been excluded because of persistent state-sponsored doping offences.

The UK has also become the first government to confirm details of the breadth of a previously reported Russian attempt to disrupt the 2018 winter Olympics and Paralympics in Pyeongchang, South Korea. It declared with what it described as 95% confidence that the disruption of both the winter and summer Olympics was carried out remotely by the GRU unit 74455.

In Pyeongchang, according to the UK, the GRU’s cyber-unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 winter Games, crashing the website so spectators could not print out tickets and crashing the wifi in the stadium.

The key targets also included broadcasters, a ski resort, Olympic officials, service providers and sponsors of the games in 2018, meaning the objects of the attacks were not just in Korea.

The GRU also deployed data-deletion malware against the winter Games IT systems and targeted devices across South Korea using a VPN filter.

The UK assumes that the reconnaissance work for the summer Olympics – including spearphishing to gather key account details, setting up fake websites and researching individual account security – was designed to mount the same form of disruption, making the Games a logistical nightmare for business, spectators and athletes.

The foreign secretary, Dominic Raab, said: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.

“The UK will continue to work with our allies to call out and counter future malicious cyber-attacks.”

On Monday, the US indicted six Russian military intelligence officers for their alleged role in hacking attacks on the 2018 winter Olympics, and on targets of the “NotPetya” malware, including a Pennsylvania hospital, which is also alleged to be work of the GRU’s unit 74455, known by cybersecurity researchers, as the “Sandworm team”.

The US assistant attorney general John Demers said the “Olympic Destroyer” attack, in revenge for a doping investigation of the Russian Olympic team, “combined the emotional maturity of a petulant child with the resources of a nation state”.

“As this case shows, no country has weaponised its cyber-capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages and fits of spite,” Demers said, adding the damages on three US targets amounted to more than $1bn.

The US justice department estimates the total worldwide damage caused by the NotPetya worm at more than $10bn, with more than 300 victims worldwide, making it the costliest hacking attack ever. The US indictments also cover alleged GRU attacks on Ukraine, Georgia, the South Korean Olympics, the French elections and the investigation into the 2018 Russian novichok nerve agent attack in the UK.

The six indicted GRU officers were charged with roles in producing components of the NotPetya, Olympic Destroyer and other malware, as well as involvement in spearphishing attacks on Olympic, French and Georgian officials.

The US indictment provided intricate details of the alleged hacking operations, including spearphishing attacks on Olympic athletes, with links to malware disguised as updates about accommodation. British defence officials and experts from the Organisation for Prohibition of Chemical Weapons were targeted with emails designed to look as if they were sent by UK and German journalists.

One of the accused GRU officers, Anatoliy Sergeyevich Kovalev, is also alleged to have targeted car dealers and real estate agents for personal profit.

Demers did not comment on the UK allegations that the GRU 74455 team was targeting next summer’s Olympics.

The UK accusations are part of an attempt to disrupt Russia’s cybersecurity threat through maximum exposure and deter any disruption of a rescheduled summer Games next year. British sources said the extent and persistence of the cyber-activity against sporting bodies was likely to have been cleared at the highest echelons of the Russian state.

Russia was banned in December 2019 from all world sporting events by the World-wide Anti-Doping Agency (Wada), including the summer Olympics, after Russia’s own anti-doping agency was found guilty of manipulating laboratory data handed over to investigators in January 2019.

At the time of the four-year Wada ban, Russia claimed it was a victim of hysteria.

The 2018 attack on the winter Olympics predates the ban, and underlines how Russia has been for many years trying to intimidate and penetrate those agencies seeking to investigate Russian doping, even now going to the length of disrupting the summer Olympics themselves.

The revelations potentially come at a difficult time for Donald Trump as the issue of Russian interference in US politics has reared its head again in the presidential election campaign.

Trump’s personal lawyer Rudy Giuliani and the New York Post have been accused of unwittingly letting themselves be used by Russia to spread disinformation about the Democratic candidate, Joe Biden, and his son Hunter.

The UK claims the cyber-attacks are part of a pattern by the Russian state to electronically target countries ranging from Ukraine, the US and Georgia to the UK, including the Foreign Office.

British officials pointed out that Russia at the UN general assembly had signed up to an Olympic truce, including a commitment not to disrupt, or in any way undermine, the safety of the Games.

Read more

Alexei Navalny on hunger strike in prison

Russian opposition leader Alexei Navalny has started a hunger strike in prison to protest officials’ failure to provide proper treatment for his back and leg pains. In a statement posted Wednesday on Instagram, Navalny complained about prison authorities’ refusal to give him the right medicines and to allow his doctor to visit him behind bars.

Russia targeted Trump allies to hurt Biden in 2020 election, US officials say

Russia tried to influence the 2020 US presidential election by proliferating “misleading or unsubstantiated allegations” largely against Joe Biden and through allies of Donald Trump, US intelligence officials said on Tuesday. The assessment was contained in a 15-page report published by the Office of the Director of National Intelligence. It underscored allegations that Trump’s allies played into Moscow’s hands by amplifying claims against Biden by Ukrainian figures with links to Russia. In a statement, the Democratic House intelligence chair, Adam Schiff, said: “Through proxies, Russia ran a successful intelligence operation that penetrated [Trump’s] inner circle.

U.S. report says Russia, not China, tried to influence 2020 election

Russia’s government tried to seed the 2020 U.S. presidential campaign with “misleading or unsubstantiated allegations” against then-candidate Joe Biden through allies of former President Trump and his administration, U.S. intelligence officials said on Tuesday. The assessment was made in a 15-page report into election interference published by the Office of the Director of National Intelligence. It underscores allegations that Trump’s allies were playing into Moscow’s hands by amplifying claims made against Biden by Russian-linked Ukrainian figures in the run up to the Nov. 3 election. Biden defeated Trump and took office on Jan. 20.

Joe Biden signals another severe reversal from Donald Trump

The White House released its interim national security strategic guidance, stressing a need to build alliances and strengthen democracy, an implicit rebuff of former President Trump’s “America first" strategy. “We will only succeed in advancing American interests and upholding our universal values by working in common cause with our closest allies and partners, and by renewing our own enduring sources of national strength,” President Biden wrote in the guidance.