Russian GRU agents 'should not be underestimated' after cyberattacks thwarted, officials warn

Officials say GRU is ‘constantly’ attacking UK government and critical national infrastructure 

Jeremy Hunt says Russia will see consequences for 'flouting' the law

Russian spies are “constantly” trying to hack UK government networks and critical national infrastructure, officials have warned after thwarting a series of cyberattacks following the Salisbury poisoning.

British, Dutch and American authorities named Russia’s GRU military intelligence agency as the culprits behind a “close access” attempt to compromise the Organisation for the Prohibition of Chemical Weapons (OPCW).

Officials said they had also foiled cyberattacks on the Foreign Office and Porton Down defence laboratory in the wake of the Skripal poisoning in March.

They said that because the “spear phishing” attack, where hackers attempt to fool recipients into opening malicious emails by posing as someone else, did not work, they are unsure what the Russians wanted to do.

Other attacks have been aimed at intercepting and monitoring communications, gaining information or disrupting systems and operations.

A senior government official, who spoke to journalists including The Independent on condition of anonymity, said British authorities, institutions and companies were being attacked “all the time” and the OPCW plot was part of a much wider campaign.

“Russian intelligence services are constantly conducting operations that to try to compromise UK government networks and critical infrastructure,” he added.

“We’re learning from events like this – it’s a demonstration that we are able to track and disrupt these activities but we have to continue to be vigilant.

“There was a huge amount of cooperation and effort that went into identifying and disrupting this [OPCW plot] and I certainly wouldn’t underestimate their capabilities.”

The official could not confirm that all previous attempted cyberattacks had been foiled but said security services “disrupt everything we see”.

“The GRU is testing the strength of the west’s intelligence services and there is a message here about our capabilities,” he added.

The briefing was part of a wave of announcements in Britain, the Netherlands and US naming the GRU responsible for global cyberattacks committed by groups going by names including APT28, Fancy Bear, Sofacy, Sandworm and CyberCaliphate.

Incidents listed by the UK government include attacks on Ukrainian infrastructure, the Democratic National Committee, anti-doping agencies and authorities investigating the downing of flight MH17.

As Nato and other countries backed calls for accountability, British authorities said the public disclosures aimed to make collaboration between allies “more evident to the wider world”.

A second government official said the timing and targeting of operations suggested that when there are international investigations into Russian activity, the “GRU seems to deploy”.

Inspectors from the Organisation for the Prohibition of Chemical Weapons (OPCW) arrive to begin work at the scene of the nerve agent attack in Salisbury (Reuters/Peter Nicholls)

“This [announcement] is not with an aim to escalate – there is no quibble at all with the Russian people – but to deter this activity and defend ourselves,” she added.

Asked whether the UK was going to hit back at Russia with similar tools, she said that British intelligence agencies could not be “put in the same moral and ethical bucket”.

British officials say they do not know how Russia will react to the latest revelations, but are expecting a fresh swell of disinformation and conspiracy theories.

The Kremlin reacted angrily to the allegations, dismissing them as “fantasies” amid heightened tensions over the attempted assassination of Sergei Skripal in Salisbury.

British authorities named two GRU agents as the culprits and issued international warrants for their arrest over the poisoning and later death of Dawn Sturgess, who came into contact with a discarded bottle of novichok.

The substance used was tested at the Porton Down laboratory, before the OPCW took additional samples to verify the presence of novichok.

The four GRU agents travelled to the watchdog’s headquarters in the Netherlands amid work on the Salisbury samples, while the OPCW was also due to analyse chemical weapons allegedly used by Russia’s ally Bashar al-Assad in Douma.

They were caught outside the OPCW’s headquarters in a hire car carrying specialist equipment to hack wifi networks on 13 April.

Equipment found with four GRU officers arrested outside the OPCW headquarters in April

Dutch investigators said the spies attempted to destroy their equipment and phones as police moved in but did not succeed, leaving an unprecedented haul of intelligence that has since been used to uncover their other activities.

Ticket purchases and internet searches showed that they later intended to travel onwards to the OPCW-accredited Spiez laboratory in Switzerland, which was testing novichok samples from Salisbury at the time.

The Russian men taken into custody, travelled under the names Aleksei Sergeyvich Morenets, Evgenii Mikhaylovich Serebriakov, Oleg Mikhaylovich Sotnikov and Alexey Valeryevich Minin.

They had arrived in The Hague three days earlier on diplomatic passport and investigators at Bellingcat and The Insider said the identities listed were real, rather than aliases used as cover.

Two of the passports – for the “cyber-operators” involved – were issued on the same day in April 2017 and have numbers just one digit apart.

The two GRU assassins who poisoned Mr Skripal in Salisbury were found to be travelling on fake passports that were three digits apart.

In a joint statement, Theresa May and Dutch prime minister Mark Rutte said the GRU had shown “disregard for the global values and rules that keep us all safe”.

“The GRU’s reckless operations stretch from destructive cyber activity to the use of illegal nerve agents, as we saw in Salisbury,” they added.

“We will uphold the rules-based international system and defend institutions from those that seek to do them harm.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in