October 10, 2018

IntelBrief: Russian Cyber Espionage, Crimes, and Hooliganism

An employee of Global Cyber Security Company develops a computer code in an office in Moscow, Russia (AP Photo/Pavel Golovkin).

  • Russia continues to attack the data and computer networks of Western countries and organizations.
  • Moscow will target any organization that seeks to report the truth on the Kremlin’s criminal activities, from the downing of flight MH-17 to more banal Russian actions like sports doping.
  • On October 4, numerous Western countries detailed their accusations that Russia was engaged in systemic ‘malicious’ cyber activities on a massive scale.
  • As usual, Russia dismissed the accusations and evidence as ‘fake’ and moved quickly to encourage its online troll army to sow disinformation and spread doubt.



On October 4, the United Kingdom, New Zealand, and Australia joined a growing chorus of Western countries that have publicly accused Russia of a wide-ranging campaign of cyber espionage, criminal activities, and general hooliganism. British Foreign Secretary Jeremy Hunt stated that the United Kingdom’s National Cyber Security Centre (NCSC) determined that the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (officially now abbreviated as GU, but far more commonly referred to as GRU) had engaged in attacks on government and corporate data networks, causing millions of dollars in damage around the globe. Hunt stated that ‘the GRU's actions are reckless and indiscriminate,’ and added that no entities were off limits, including Russian firms.

Also on October 4, the Dutch government announced the expulsion of four Russians who were caught attempting to hack into the wireless network of the Organisation for the Prohibition of Chemical Weapons (OPCW), headquartered in The Hague. The Dutch intelligence agency, MIVD, had surveilled the four men and detained them in the parking lot of a hotel next to the OPCW headquarters. Their car was filled with incriminating evidence, which the Dutch promptly seized.

The GRU has suffered several high-profile, embarrassing exposures of late, from getting caught in the act at the OPCW headquarters to having its officers identified soon after a failed assassination attempt in Salisbury, England, where a deadly chemical agent was used. The sequential issuance of passport numbers to GRU officers was also a serious flaw in the tradecraft of espionage. However, much of this is irrelevant because Russia barely attempts to disguise its activities and will not be discouraged from future actions even after credible accusations similar to the recent episode in Holland. Moscow simply dismisses the accusations as fake news or a plot in which Russia perpetually plays the victim.

The GRU targets individuals or groups that might expose Russia’s malfeasance or incompetence. The OPCW ended up in the GRU’s crosshairs after its role in investigating the Salisbury attack, in which the two men used a Soviet-created chemical agent called Novichok. The GRU had previously attacked the networks of officials investigating the downing of flight MH-17 over eastern Ukraine by Russian-supported rebels using a Russian-provided BUK missile system. In that 2014 incident, 298 people were murdered when separatists shot down a civilian airliner.

Also on October 4, the U.S. charged seven Russians with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, and conspiracy to commit money laundering; five of the named Russians were also charged with aggravated identity theft. The U.S. charged the seven with hacking into the World Anti-Doping Agency and releasing the medical information of athletes and Olympians, apparently in retaliation for the decision to ban Russia from the 2018 Summer Olympics following revelations of a widespread state-sanctioned sports doping program. As usual, Russia responded with outright derision and condescension. Russian Deputy Foreign Minister Sergei Ryabkov told reporters that ‘the abuse of this topic has reached such proportions and has acquired such scope that the very bringing of these charges makes their validity doubtful.’

In addition to directed hacking operations, Russia continues to deploy what has become perhaps its most effective weapon—mass doubt. To accomplish this, Russia relies on a combination of online trolls and ‘useful idiots’ to deepen the social cleavages within the U.S. and across the West. The unmasking of the OPCW operation is a significant success for an intelligence agency and an embarrassment for the Russians. Yet, Moscow will not cease its campaign of disinformation and subterfuge merely due to a recent string of amateurish blunders. After all, for the most part these operations work and are almost all consequence-free. Indeed, Russia cares little about international condemnation and its officials will not be extradited to face trial in the West, meaning these attacks will continue indefinitely, unless the West can find a way to deter Putin and impose significant costs on ongoing Russian adventurism.

