25 October 2020

UK exposes series of Russian cyber attacks against Olympic and Paralympic Games


Russia’s military intelligence service, the GRU, conducted cyber reconnaissance against officials and organisations at the 2020 Olympic and Paralympic Games due to take place in Tokyo this summer before they were postponed, the UK has revealed today.

The targets included the Games’ organisers, logistics services and sponsors.

The attacks on the 2020 Summer Games are the latest in a campaign of Russian malicious cyber activity against the Olympic and Paralympic Games.

The UK is confirming for the first time today the extent of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.

The GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 Winter Games.

It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games in 2018.

The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.

The National Cyber Security Centre (NCSC) assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks.

Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption.

Foreign Secretary Dominic Raab said:

The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.

The UK will continue to work with our allies to call out and counter future malicious cyber attacks.

The UK has already acted against the GRU’s destructive cyber unit by working with international partners to impose asset freezes and travel bans against its members through the EU cyber sanctions regime.

Today (Monday 19 October), the US Department of Justice has announced criminal charges against Russian military intelligence officers working for the GRU’s destructive cyber unit – also known by the codenames Sandworm and VoodooBear – for conducting cyber attacks against the 2018 Winter Games and other cyber attacks, including the 2018 spear phishing attacks against the UK’s Defence Science and Technology Laboratory (DSTL).

The UK attributed the attacks against DSTL, which followed the Salisbury poisonings, to Russia in 2018.
Background

These cyber attacks were committed by the GRU’s Main Centre for Special Technologies, GTsST also known by its field post number 74455 and known in open source as:
Sandworm
BlackEnergy Group
Telebots
VoodooBear
Iron Viking
Quedagh
Electrum
Industroyer
G0034

No comments: