Britain has accused Russian intelligence of carrying out a series of cyberattacks on the 2020 Summer Olympics in Tokyo with security officials warning that the postponed games due to take place next year may also be targeted.
UK and allied intelligence services discovered that the Russian military intelligence service, GRU, attempted to disguise itself as Chinese and North Korean hackers in “false-flag” operations to disrupt the games.
The attacks started, according to security officials, in September last year, days before the World Anti-Doping Agency (Wada) threatened to ban Russian athletes from the Olympics and other major international sporting events.
The GRU, which has been accused, among other things, of the Salisbury Novichok poisoning and the hacking of the Democratic National Committee (DNC) computers during the 2016 US election campaign, also carried out cyberattacks on the 2018 Winter Olympics in South Korea, using the malware “Olympic Destroyer”.
Foreign secretary Dominic Raab said: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms. The UK will continue to work with our allies to call out and counter future malicious cyberattacks.”
In July the European Union issued its first ever sanctions against those accused of cyberattacks including a unit of the GRU. Britain and the European Union have imposed sanctions on Alexander Petrov and Ruslan Boshirov, the two Russian military intelligence officers accused of carrying out the Salisbury poisoning, as well as the leadership of the service, including GRU chief, Igor Olegovich Kostyukov, and his deputy, Vladimir Stepanovich Alexseyev.
Last week the UK and the European Union imposed sanctions on senior Kremlin officials, including Alexander Bortnikov, the head of the Federal Security Service (FSB), the successor intelligence agency to the Soviet KGB, over the poisoning of the opposition leader Alexei Navalny.
The Foreign Office and the National Cyber Security Centre (NCSC) said: “Russia’s military intelligence service - the GRU - conducted cyber reconnaissance against officials and organisations at the 2020 Olympic and Paralympic Games due to take place in Tokyo this summer before they were postponed. The targets included the games’s organisers, logistics services and sponsors.
“The attacks on the 2020 summer games are the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games. The UK is confirming for the first time today the extent of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.
“The GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 Winter Games. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games in 2018.”
The NCSC stated that the cyberattacks were committed by the GRU’s Main Centre for Special Technologies (GTsST), known by its field post number 74455 in security circles, and also as Sandworm, BlackEnergy Group, Telebots VoodooBear, Iron Viking, Quedagh, Electrum, Industroyer and G0034.
In March 2018, says the NCSC, the GRU attempted to compromise the Foreign Office’s computers in London, and in April 2018 it attempted to hack the system at Defence and Science Technology Laboratory (DSTL). In October 2017 malware was used to infect thousands of home and small business routers and network devices worldwide.
On the 2018 Olympics attack, the NCSC says “intent behind the incident was almost certainly sabotage as the malware was designed to wipe data from and disable computers and networks. Disruption to the Winter Olympics could have been greater if it had not been for administrators who worked to isolate the malware and replace affected computers”.
Black Energy, Industroyor, NotPetya and BadRabbit carried out severe cyberattacks on Ukraine between 2015 and 2017, says NCSC. In October 2019 the GRU is also said to have carried out large-scale cyberattacks on Georgia.