Authorities in the US, the UK, and the Netherlands are accusing intelligence agents from Russia’s Main Intelligence Directorate (commonly known as the GRU) of cyber crimes threatening the security of major national and international organizations and hundreds of individuals.
The victims are a varied bunch from around the world—from sports organizations to nuclear-energy companies. They were targeted for either their condemnation of Russia’s athlete-doping programs or investigations into national scandals, like the poisoning of a former Russian intelligence officer in the UK in March.
The US Department of Justice today (Oct. 4) announced the indictment of seven Russian intelligence officers for computer hacking, wire fraud, aggravated identity theft, and money laundering “as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations.” The “victims targeted by [Russian agents] were US and international anti-doping agencies, sporting federations, anti-doping officials, other sports-related organizations and nearly 250 athletes from approximately 30 countries,” among others, according to the indictment.
The hackers often conducted their hacking operations from Russia, the filing explains. When those distant efforts failed, however, they also set up “sophisticated” on-site operations and involved targeting the computer networks used by organizations or their personnel through wifi connections, like hotel networks, to gain unauthorized access.
- The US Anti-Doping Agency, headquartered in Colorado Springs, Colorado.
- The World Anti-Doping Agency, headquartered in Montreal, Canada.
- International Association of Athletics Federations, headquartered in Monaco.
- The Court of Arbitration for Sport, headquartered in Lausanne, Switzerland.
- The Federation Internationale de Football, headquartered in Zurich, Switzerland.
Other victims were described as having information of “potential benefit to Russian interests” and include:
- Westinghouse Electric Corporation, a Pennsylvania nuclear energy company.
- The Organization for the Prohibition of Chemical Weapons, headquartered in The Hague, Netherlands; it was investigating the use of chemical weapons in Syria and the March 2018 poisoning of a former Russian military intelligence officer in the UK.
- The Spiez Swiss Chemical Laboratory in Spiez, Switzerland, which had analyzed the chemical agency connected to the March 2018 poisoning in the UK.
The Netherlands today also accused four Russians of plotting to hack the Organization for the Prohibition of Chemical Weapons, which was probing a March 2018 chemical attack on a Russian ex-spy in the UK.
And the UK’s National Cyber Security Center also condemned Russia for tech crimes. It accused Russian agents of targeting the systems database of the Montreal-based World Anti-Doping Agency; using phishing to gain passwords and publishing athlete data; publishing emails and chats of the Democratic National Committee in the US in 2016; using ransomware to encrypt banking and media computers in Russia and the Ukraine in order to demand payments and; stealing content and breaking into the email accounts of a small, unnamed UK television station in 2015.
Russian foreign ministry, Maria Zakharova denied the hacking allegations. She said the UK’s accusations were “a diabolical perfume” and a “rich fantasy of our colleagues from Britain.”