UK Foreign Secretary welcomes decisive action to hold perpetrators to account
for Fancy Bear cyber attack in 2015.
The UK has announced it will enforce asset freezes and travel
bans against two Russian GRU officers and the GRU’s military
intelligence unit 26165 – codenamed APT28 and Fancy Bear – which
were responsible for the 2015 cyber attacks on Germany’s
Parliament.
Today’s sanctions have been made under the EU’s regime and form
part of the UK’s ongoing partnership with its allies to send a
message to Russia that there will be consequences for its
malicious cyber activity. The sanctions come into force
immediately. The attribution of this anti-democratic attack by
Russia further exposes its pattern of malign behaviour intended
to undermine international law and institutions.
The GRU is the main military intelligence wing of the Russian
Armed Forces and its cyber units have been responsible for a
number of cyber attacks in recent years including - as the UK and
US revealed this week - unit 74455 committed an attack on the
2018 Winter and targeted the postponed 2020 Summer Olympic Games.
The reckless cyber attacks by unit 26165 on Germany’s Parliament
in 2015 targeted information systems, stole significant amounts
of data and affected email accounts belonging to German MPs and
the Vice Chancellor.
Foreign Secretary said:
The UK stands shoulder to shoulder with Germany and our
European partners to hold Russia to account for cyber attacks
designed to undermine Western democracies. This criminal
behaviour brings the Russian Government into further disrepute.
The UK was at the forefront of efforts to establish the EU Cyber
Sanctions regime and will implement our own autonomous Cyber
Sanctions regime at the end of the Transition Period. We are
committed to working with our international partners to enforce
responsible behaviours and promote international security and
stability in cyberspace. The UK has laid the statutory instrument
for our cyber sanctions regime, which will allow us to impose
travel bans and asset freezes on individuals and organisations.
Background
-
On 30 July, the first EU and UK cyber sanctions were
introduced against Unit 74455 of the GRU, the Russian
military intelligence service for the ‘NotPetya’ cyber attack
in June 2017 and against four GRU officers who attempted a
cyber attack against the Organisation for the Prohibition of
Chemical Weapons (OPCW) in 2018
-
APT28 are capable cyber actors who have been active since at
least 2004. They are known by industry nicknames including
Strontium, Sofacy Group, Pawn Storm, Fancy Bear and Sednit,
and the UK has previously exposed APT28 as part of the GRU,
the Russian military intelligence services. NCSC assessed
with high confidence that the GRU was almost certainly
responsible for malicious cyber attacks against the US
Democratic National Congress in 2016, and the World
Anti-Doping Association in 2016
|
Attack
|
NCSC assessment
|
|
In August 2016, confidential medical files relating to a
number of international athletes were released. WADA stated
publicly that this data came from a hack of its Anti-Doping
Administration and Management system.
|
NCSC assess with high confidence that the GRU was almost
certainly responsible.
|
|
In 2016, the Democratic National Committee (DNC) was hacked
and documents were subsequently published online.
|
NCSC assess with high confidence that the GRU was almost
certainly responsible.
|
|
Between July and August 2015 multiple email accounts
belonging to a small UK-based TV station were accessed and
content stolen.
|
NCSC assess with high confidence that the GRU was almost
certainly responsible.
|
|
In April and May 2015 the German federal parliament
(Deutscher Bundestag) was attacked, during the attack a
significant amount of data was stolen and the email
accounts of several MPs as well as Chancellor Angela Merkel
were affected.
|
NCSC assess with high confidence that the GRU was almost
certainly responsible.
|
