The UK government has accused Russia’s military intelligence service, the GRU, of conducting cyber reconnaissance operations targeting the organisers, officials, logistics services, and sponsors associated with the Tokyo Olympics before the event was postponed.
A statement was issued by Foreign Secretary Dominic Raab to this effect after the National Cyber Security Centre stated “with high confidence” that the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear, targeted the 2018 Winter Games hosted by South Korea as well as the 2020 Tokyo Olympics.
According to the cyber security watchdog, GRU targeted the opening ceremony of the 2018 Winter Games by disguising itself as North Korean and Chinese hackers and attempted to sabotage the Winter Olympic and Paralympic Games by deploying malware designed to wipe data from and disable computers and networks.
In fact, on the day the Pyeongchang Winter Olympics was slated to commence, the official website of the global event suffered a 12-hour shutdown after suffering a cyber attack that took place minutes before the opening ceremony was to take place. Interestingly, the cyber attack took place within days after an IOC panel refused permission for fifteen previously-banned Russian athletes and support staff from participating in the Winter Olympics.
NCSC also said that the GRU carried out cyber reconnaissance against officials and organisations associated with Tokyo Olympics before the event was postponed. The list of entities targeted by the GRU included the Games’ organisers, logistics services and sponsors.
“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms. The UK will continue to work with our allies to call out and counter future malicious cyber attacks,” said Foreign Secretary Dominic Raab.
On Monday, a federal grand jury in the US also indicted six members of Unit 74455 of Russia’s GRU for multiple counts that included the use of cyber operations to destabilize Ukraine and Georgia, to retaliate against accusations of Russia using a weapons-grade nerve agent on foreign soil, to target elections in France, and to disrupt the 2018 PyeongChang Winter Olympic Games.
The six hackers have been indicted for using highly destructive malware such as KillDisk and Industroyer to inflict a series of blackouts in Ukraine, for using the NotPetya malware that caused nearly $1 billion in losses to affected organisations, and for using the Olympic Destroyer malware to disrupt thousands of computers used to support the 2018 PyeongChang Winter Olympics.
According to the US Department of Justice, after it came to light that Russia used a weapons-grade nerve agent (Novichok) to target Sergei Skripal and his daughter in the UK, the GRU carried out a spear-phishing campaign targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL).
The Russian military intelligence agency also carried out large-scale spear-phishing campaigns to compromise the network of the Georgian Parliament, to deface thousands of websites in Georgia, and to target French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.
“Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”