GRU cyber attacks against Olympic Games condemned

The UK has exposed malicious cyber activity from Russia’s GRU military intelligence service against organisations involved in the 2020 Olympic and Paralympic Games before they were postponed.

The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer. Because of the global coronavirus pandemic, the games have now been postponed until next year.

In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games.

The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.

The National Cyber Security Centre assesses ‘with high confidence’ that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear. The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks.

Paul Chichester, the NCSC’s Director of Operations, said: “We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice. These attacks have had very real consequences around the world – both to national economies and the everyday lives of people. We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyberspace.”