Russia's military and its intelligence agency, the GRU, are responsible for a “pattern of malicious cyber activity,” the Australian government has alleged.
In a statement released this morning, the government said that state-backed Russian hackers had targeted political, business, media and sporting institutions around the world.
“While Australia was not significantly impacted, this activity affected the ability of the public in other parts of the world to go about their daily lives,” a statement issued by Prime Minister Scott Morrison and foreign minister Marise Payne said.
“It caused significant, indiscriminate harm to civilian infrastructure and resulted in millions of dollars in economic damage, including in Russia.
“This is unacceptable and the Australian government calls on all countries, including Russia, to refrain from these types of malicious activities.”
The UK National Cyber Security Centre (NCSC) today released details of four incidents it has newly attributed to the GRU. In all cases the NCSC said it had assessed with “high confidence” that the GRU was “almost certainly responsible”.
Those incidents included:
• Between July and August 2015, multiple email accounts belonging to a small UK-based TV station were accessed by the Russian military and content stolen.
• The October 2017 Bad Rabbit ransomware wave that affected energy and transport infrastructure in Ukraine and Russia.
• The 2016 US Democratic National Committee hack.
• The release of confidential medical files relating to international athletes, which the World Anti-Doping Agency has said were obtained by hacking its Anti-Doping Administration and Management System.
Earlier this year the NCSC, along with the FBI and US Department of Homeland Security, said that Russian state-sponsored actors were responsible for the October 2017 VPNFILTER malware wave that targeted network routers. The Australian government joined the US and the UK in blaming Russia.
The NCSC has also claimed that the GRU was responsible for the June 2017 NotPetya malware outbreak that initially targeted the Ukrainian financial, energy and government sectors.
The NCSC says that the GRU is associated with the groups known as APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, STRONTIUM, Tsar Team, and Sandworm.
Morrison and Payne said the Australian government’s assessment of Russia’s responsibility was based on advice from Australian intelligence agencies and consultation with partners and allies.
“By embarking on a pattern of malicious cyber behaviour, Russia has shown a total disregard for the agreements it helped to negotiate,” the government statement said.
Australia in October launched its International Cyber Engagement Strategy, which argued that “cyberspace” should be subject to international law and norms of acceptable behaviour.
The strategy “recognises that there must be consequences for those who act contrary to the consensus on international law and norms,” the statement said.
“A first step is to attribute malicious behaviour publicly – as we are doing today. Our message is clear: the rule of law applies online, just as it does offline. We will protect the rules-based international order online, just as we do offline.”