The U.K. government has not only accused Russia of four cyberattacks, it’s now linking the country’s alleged hacking team to raids on power stations, TV companies and more.
The National Cyber Security Centre has today publicly accused the Russian military intelligence service, the GRU, of hacking the Democratic National Committee, the World Anti-Doping Agency and a small British TV station, among other targets.
But it also lists the pseudonyms it claims the group is operating under, including CyberCaliphate, Cyber Berkut and Sandworm. If the claim is true, Russia carried out a series of cyberattacks under so-called “false flags.”
CyberCaliphate was the name adopted by those who broke into French TV network TV5 Monde in April 2015, taking several of its channels off air. French investigators later attributed the attack to Russian hackers, and it appears the British government now believes it was the work of the GRU.
Sandworm was the name given to hackers who broke into power stations in Ukraine. Again, security researchers claimed the group was Russian, but today the U.K. government has explicitly stated that Sandworm is actually the GRU as well. It appears to be the first time the group has been linked to the Russian government.
Russia has called today’s announcement a “rich fantasy” and has consistently denied accusations of state-sponsored hacking, which it describes as “Western spy mania.” In terms of evidence, the NCSC statement includes “indicators of compromise” (tell-tale signs the hacking group is present), but it lacks the level of detail of the US Department of Justice criminal indictment of the alleged GRU hackers.
The NCSC announcement coincides with the Dutch security service’s expulsion of four diplomats over allegations of a plot to hack into the Organisation for the Prohibition of Chemical Weapons (OPCW), which is investigating the poisoning of a former Russian spy and his daughter in the U.K.
In addition, the U.S. Department of Justice charged seven Russian military officers with hacking into WADA, the OPCW and a U.S. power company. Three of those charged were also named in the DOJ’s previous indictment regarding the hacking around the U.S. presidential election in 2016.