UK and partners condemn GRU cyber attacks against Olympic and Paralympic Games

The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer. The targets included the Games’ organisers, logistics services and sponsors.

The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang in the Republic of Korea.

The National Cyber Security Centre (NCSC assesses “with high confidence” that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear.

Details were released after the US Department of Justice announced criminal charges against Russian military intelligence officers working for the GRU’s cyber unit for conducting cyber attacks against the 2018 Winter Games and other cyber attacks.

Foreign Secretary Dominic Raab has issued a statement making it perfectly clear that the Russian Government cannot act with impunity. Raab commented: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms. The UK will continue to work with our allies to call out and counter future malicious cyber attacks.”

Paul Chichester, the NCSC’s director of operations, added: “We condemn these attacks carried out by the GRU and fully support the criminal charges announced by the US Department of Justice. These attacks have had very real consequences around the world, both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyber space.”

In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the event.

The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.

The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks. Administrators worked to isolate the malware and replace the affected computers, in turn preventing potential disruption.