Britain and the United States on Monday condemned what they said were a litany of malicious cyberattacks orchestrated by Russian military intelligence, including attempts to disrupt next year’s Olympic and Paralympic Games in Tokyo.
British and U.S. officials said the attacks were conducted by Unit 74455 of Russia’s GRU military intelligence agency, also known as the Main Centre for Special Technologies.
In an indictment unsealed on Monday, the U.S. Justice Department said six members of the unit had played key roles in attacks on targets ranging from the Organisation for the Prohibition of Chemical Weapons to the 2017 French elections. The charges covered four years of malicious cyber activity, from 2015 to 2019.
British officials said the GRU hackers had also conducted “cyber reconnaissance” operations against organisers of the 2020 Tokyo Games, which were originally scheduled to be held this year but postponed because of the coronavirus outbreak.
The officials declined to give specific details about the attacks or whether they were successful, but said they had targeted Games organisers, logistics suppliers and sponsors.
Justice Department Assistant Attorney General John Demers declined to discuss the more recent attacks against the 2020 Games.
British Foreign Secretary Dominic Raab said: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.”
FBI Deputy Director David Bowdich said: “The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are.”
Russia was banned from the world’s top sporting events for four years in December over widespread doping offences, including the Tokyo Games which were originally scheduled for this year but postponed due to the coronavirus outbreak.
The attacks on the 2020 Games are the latest in a string of hacking attempts against international sporting organisations that Western officials and cybersecurity experts say have been orchestrated by Russia since its doping scandal erupted five years ago. Moscow has repeatedly denied the allegations.
Britain and the United States said on Monday the hackers were involved in other attacks, such as the hack of the 2018 Winter Olympics opening ceremony in South Korea, which compromised hundreds of computers, took down Internet access and disrupted broadcast feeds.
The attack in South Korea had previously been linked to Russia by cybersecurity researchers but was made to look like the work of Chinese or North Korean hackers, Britain’s foreign ministry said in a statement.
“The attacks on the 2020 Summer Games are the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games,” it said.
“The UK is confirming for the first time today the extent of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.”
Other offensive cyber operations allegedly conducted by the GRU officers since 2015, according to the Justice Department, included the global cyberattack known as NotPetya.
In 2017, destructive NotPetya malware spread globally out of Ukraine, infecting and locking up thousands of computers belonging to major corporations. Experts say NotPetya caused upwards of $1 billion in losses. At the time, companies publicly affected by NotPetya included FedEx Corporation and pharmaceutical giant Merck.