Late last week the UK's National Cyber Security Centre announced that Russia's military intelligence service (the GRU) was conducting cyber reconnaissance against officials and organisations involved in the 2020 Olympic and Paralympic Games, which were due to take place in Tokyo this summer before they were postponed. The huge list of targets included Games organisers, logistics services and sponsors.
The planned attack on the 2020 Olympics is the latest in a campaign of Russian malicious cyber activity against the Olympic and Paralympic Games. It was also announced last week that the 2018 Winter Games were targeted during the opening ceremony. This was originally thought to have been carried out by the North Koreans and Chinese, but it was later found that the Russians had disguised themselves. After targeting the opening ceremony they went on to attack broadcasters, a ski resort, Olympic officials and even sponsors. The NCSC assessed the incident and found that the attack was intended to wipe data and disable the computers and networks.
On Monday 19th October the US Department of Justice announced criminal charges were to be filed against Russian military intelligence officers working in the GRU's destructive cyber unit (the pair are known as Sandworm and VoodooBear) in relation to the 2018 Winter Games and the 2018 spear-phishing attack on the UK Defence Science and Technology Laboratory.
It is believed that the attacks are a result of Russia being banned from all world sporting events by the Worldwide Anti-Doping Agency (Wada); this was after Russia's own anti-doping agency was found guilty of manipulating laboratory data.
The UK government has also announced that the GRU unit known as GTsST has been behind multiple other malicious cyber-attacks including:
- BlackEnergy attack of 2015: The Ukraine electricity grid was remotely shut down, leaving over 230,000 people without power for up to 6 hours.
- Industroyer 2016: Once again part of Ukraine's electricity grid was shut off, resulting in a fifth of Kyiv losing power for over an hour. This is the first known instance of malware designed specifically to disrupt electricity grids.
- NotPetya 2017: An attack targeting the Ukrainian financial, energy and government sectors, disrupting European and Russian businesses.
- BadRabbit 2017: Ransomware encrypted the hard drives of the Kyiv metro, Odessa airport, Russia's central bank and two Russian media outlets.
- VPNFilter 2017: VPNFilter malware infected thousands of home and small business routers worldwide. The infection allowed hackers to control infected devices, render them inoperable and intercept or block network traffic.
- DSTL 2018: The GRU attempted to gain access to the UK Defence Science and Technology Laboratory's computer systems.
- FCO 2018: The GRU attempted to compromise the UK Foreign and Commonwealth Office's computer systems with a spear-phishing attack.
The National Cyber Security Centre has confirmed with more than 95% accuracy that all of the above incidents were carried out by the unit known as the GTsST, or Unit 74455 of the GRU.