LATEST: The US Justice Department said it has charged seven Russian military intelligence officers with hacking anti-doping agencies and other organisations.
A Russian military intelligence (GRU) spying operation on the body responsible for investigating chemical weapons was thwarted by Dutch and UK authorities in April of this year.
The attack targeted the headquarters of the OPCW in Hague, the global body analysing samples of the Novichok nerve agent that Britain accused Russia of using to try to murder former spy Sergei Skripal and his daughter.
The team of four GRU officers travelling on official Russian passports entered the Netherlands on April 10 under the codename AP28.
On April 13 they parked a car carrying specialist hacking equipment outside the headquarters of the OPCW in the The Hague.
Peter Wilson, the British Ambassador to the Netherlands: “Around that time the OPCW was working to independently verify the United Kingdom’s analysis of the chemical weapons used in the poisoning of the Skripals in Salisbury.”
At this point the Dutch counter-terrorism officers intervened to disrupt the operation and the four GRU officers were ordered to leave the country.
A British Whitehall official said that the 4 men were “caught in flagrante”, and added the “technicolour” detail of the items found would be embarrassing to the Russians: “For a GRU operative to get caught with all that equipment would be seen by them as a pretty bad day.”
Two of the officers were planning to travel on to Switzerland where the OPCW – which was at the time investigating the Salisbury attack and a suspected chemical weapons attack in Syria – has laboratories.
The Dutch authorities released CCTV imagery of the four men arriving at Schipol Airport as well photographs of their passports.
They were named in them as Alekski Morenets, described as a cyber operator, Evgenii Serebriakov, also a cyber operator, Oleg Soktnikov, described as humint (human intelligence) support and Alexey Minin, also humint support.
The “close access” hacking attempt, just a month after the Salisbury nerve agent attack, followed an earlier failed “spearfishing attack” on the OPCW headquarters.
Wilson said the group had also carried out attacks on the UK Foreign Office and Porton Down Defence and Science Laboratory in the wake of the Skripal poisoning.
It was also active in Malaysia targeting authorities investigation the downing of flight MH17.
He said: “This GRU operation was trying to collect information about the MH17 investigation.
“And targeted Malaysian government institutions, including the attorney general’s office and the Royal Malaysian Police.”
Foreign Secretary Jeremy Hunt said Russia could face further sanctions in the wake of the “hard evidence”.
Asked why the GRU team was allowed to go back to Russia, a Whitehall official said: “That was a decision taken by the Dutch authorities and that’s a question that needs to be addressed to the Dutch authorities.
“The individuals were traveling on diplomatic passports.”
Conservative MP Tom Tugendhat, chairman of the UK’s Commons Foreign Affairs Committee, tweeted: “The catalogue of evidence shows why the Dutch are excellent partners and that the decades of theft have stripped Russia’s intelligence of the skills they once had. Putin’s corrupt greed has turned the GRU into an amateurish bunch of jokers.”
In a joint statement Theresa May and Dutch prime minister Mark Rutte said: “We have, with the operations exposed today, further shone a light on the unacceptable cyber activities of the Russian military intelligence service, the GRU.
“This attempt to access the secure systems of an international organisation working to rid the world of chemical weapons, demonstrates the GRU’s disregard for the global values and rules that keep us safe.
“Our action today reinforces the clear message from the international community: we will uphold the rules-based international system and defend international institutions from those that seek to do them harm.”
The announcement comes on the same day the National Cyber Security Centre (NCSC) claimed a number of notorious cyber attackers responsible for some of the biggest hacks in recent years are all in fact Russian military intelligence (GRU).
Operating under names such as Voodoo Bear, CyberCaliphate and Pawnstorm, the National Cyber Security Centre (NCSC) accused GRU of “working in secret to undermine international law and international institutions”.
The NCSC said it could assess with “high confidence” that the GRU was “almost certainly responsible” for:
- In October 2017 attack, BadRabbit ransomware encrypted hard drives and rendered IT inoperable. This caused disruption including to the Kyiv metro, Odessa airport, Russia’s central bank and two Russian media outlets.
- In August 2017, confidential medical files relating to a number of international athletes were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system.
- In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online.
- Between July and August 2015 multiple email accounts belonging to a small UK-based TV station were accessed and content stolen.
Asked about accusations from the Foreign Office of Russia being involved in worldwide cyber attacks, a spokesman for the Russian embassy said: “This statement is reckless. It has become a tradition for such claims to lack any evidence.
“It is yet another element of the anti-Russian campaign by the UK Government.”