Russian GRU agents 'should not be underestimated' after cyberattacks thwarted, officials warn

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Russian spies are “constantly” trying to hack UK government networks and critical national infrastructure, officials have warned after thwarting a series of cyberattacks following the Salisbury poisoning.

British, Dutch and American authorities named Russia’s GRU military intelligence agency as the culprits behind a “close access” attempt to compromise the Organisation for the Prohibition of Chemical Weapons (OPCW).

Officials said they had also foiled cyberattacks on the Foreign Office and Porton Down defence laboratory in the wake of the Skripal poisoning in March.

They said that because the “spear phishing” attack, where hackers attempt to fool recipients into opening malicious emails by posing as someone else, did not work, they are unsure what the Russians wanted to do.

Other attacks have been aimed at intercepting and monitoring communications, gaining information or disrupting systems and operations.

A senior government official, who spoke to journalists including The Independent on condition of anonymity, said British authorities, institutions and companies were being attacked “all the time” and the OPCW plot was part of a much wider campaign.

“Russian intelligence services are constantly conducting operations that to try to compromise UK government networks and critical infrastructure,” he added.

“We’re learning from events like this – it’s a demonstration that we are able to track and disrupt these activities but we have to continue to be vigilant.

“There was a huge amount of cooperation and effort that went into identifying and disrupting this [OPCW plot] and I certainly wouldn’t underestimate their capabilities.”

The official could not confirm that all previous attempted cyberattacks had been foiled but said security services “disrupt everything we see”.

“The GRU is testing the strength of the west’s intelligence services and there is a message here about our capabilities,” he added.

The briefing was part of a wave of announcements in Britain, the Netherlands and US naming the GRU responsible for global cyberattacks committed by groups going by names including APT28, Fancy Bear, Sofacy, Sandworm and CyberCaliphate.

Incidents listed by the UK government include attacks on Ukrainian infrastructure, the Democratic National Committee, anti-doping agencies and authorities investigating the downing of flight MH17.

As Nato and other countries backed calls for accountability, British authorities said the public disclosures aimed to make collaboration between allies “more evident to the wider world”.

A second government official said the timing and targeting of operations suggested that when there are international investigations into Russian activity, the “GRU seems to deploy”.

“This [announcement] is not with an aim to escalate – there is no quibble at all with the Russian people – but to deter this activity and defend ourselves,” she added.

Asked whether the UK was going to hit back at Russia with similar tools, she said that British intelligence agencies could not be “put in the same moral and ethical bucket”.

British officials say they do not know how Russia will react to the latest revelations, but are expecting a fresh swell of disinformation and conspiracy theories.

The Kremlin reacted angrily to the allegations, dismissing them as “fantasies” amid heightened tensions over the attempted assassination of Sergei Skripal in Salisbury.

British authorities named two GRU agents as the culprits and issued international warrants for their arrest over the poisoning and later death of Dawn Sturgess, who came into contact with a discarded bottle of novichok.

The substance used was tested at the Porton Down laboratory, before the OPCW took additional samples to verify the presence of novichok.

The four GRU agents travelled to the watchdog’s headquarters in the Netherlands amid work on the Salisbury samples, while the OPCW was also due to analyse chemical weapons allegedly used by Russia’s ally Bashar al-Assad in Douma.

They were caught outside the OPCW’s headquarters in a hire car carrying specialist equipment to hack wifi networks on 13 April.

Dutch investigators said the spies attempted to destroy their equipment and phones as police moved in but did not succeed, leaving an unprecedented haul of intelligence that has since been used to uncover their other activities.

Ticket purchases and internet searches showed that they later intended to travel onwards to the OPCW-accredited Spiez laboratory in Switzerland, which was testing novichok samples from Salisbury at the time.

The Russian men taken into custody, travelled under the names Aleksei Sergeyvich Morenets, Evgenii Mikhaylovich Serebriakov, Oleg Mikhaylovich Sotnikov and Alexey Valeryevich Minin.

They had arrived in The Hague three days earlier on diplomatic passport and investigators at Bellingcat and The Insider said the identities listed were real, rather than aliases used as cover.

Two of the passports – for the “cyber-operators” involved – were issued on the same day in April 2017 and have numbers just one digit apart.

The two GRU assassins who poisoned Mr Skripal in Salisbury were found to be travelling on fake passports that were three digits apart.

In a joint statement, Theresa May and Dutch prime minister Mark Rutte said the GRU had shown “disregard for the global values and rules that keep us all safe”.

“The GRU’s reckless operations stretch from destructive cyber activity to the use of illegal nerve agents, as we saw in Salisbury,” they added.

“We will uphold the rules-based international system and defend institutions from those that seek to do them harm.”