Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Russia cyberattacks timeline: when and where the GRU are accused of targeting western institutions

Details revealed after UK government accuses Kremlin of a wave of strikes across the globe

Tom Batchelor
Thursday 04 October 2018 14:34 EDT
Comments
Jeremy Hunt says Russia will see consequences for 'flouting' the law

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Russian intelligence officers have been accused of launching cyberattacks on a range of international institutions, including global chemical weapons watchdog investigating the Salisbury novichok attack.

Officials in the Netherlands, where the Organisation for the Prohibition of Chemical Weapons (OPCW) is based, said the Russian GRU used two different methods to attempt to carry out cyberattacks on several targets – known as close access and spear phishing.

Dutch authorities said four GRU officers parked a car carrying specialist hacking equipment including laptops, wifi and batteries outside the headquarters of the OPCW in The Hague. Then they attempted close access attack.

However, the arrests in April have a trail stretching back several years and possibly much further.

Here is a timeline of events in the lead-up to the latest allegations against the GRU:

2014

17 July: Malaysia Airlines Flight 17 is downed by a Russian missile system in Ukraine. Data from laptops of men arrested in the Netherlands in April 2018 show they travelled to Malaysia during the investigation into the crash.

2015

July and August: Multiple email accounts belonging to a small UK-based TV station are accessed and content stolen. The UK’s National Cyber Security Centre (NCSC) subsequently declares with “high confidence that the GRU was almost certainly responsible”.

2016

June and July: The Democratic National Committee (DNC) is hacked and documents subsequently published online. Again, the NSCS says it has high confidence the Russian intelligence services were responsible.

2017

June: A cyberattack targets the Ukrainian financial, energy and government sectors but spreads further, affecting other European and Russian businesses. NCSC says with high confidence that the GRU was almost certainly responsible.

August: Confidential medical files relating to a number of international athletes are released. The World Anti-Doping Agency (Wada) stated publicly that this data came from a hack of its Anti-Doping Administration and Management system. The NCSC again states that GRU was almost certainly behind the attack.

24 October: BadRabbit ransomware – a type of malware (malicious software) that prevents users from accessing their system or personal files and demands ransom payment in order to regain access – causes disruption. The metro in Ukraine’s capital Kiev is affected, along with the airport in Odessa. Russia’s central bank and two Russian media outlets are also hit. Russia again accused by the NCSC of being behind the attack.

October: Malware infected thousands of home and small business routers and network devices worldwide. The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic, the UK government says.

2018

4 March: Former Russian double agent Sergei Skripal and his daughter, Yulia, discovered unconscious on a bench in the Wiltshire city of Salisbury. The finger of blame is quickly pointed at the Russian security services.

Later in March: GRU carries out unsuccessful “spearfishing” attack on the Foreign Office, according to UK government.

Early April: Computers at the Ministry of Defence laboratory at Porton Down, which was carrying out tests linked to the Skripal poisoning, are targeted.

7 April: More than 40 people killed in suspected chemical weapons attack on Douma. Syrian government denies ever using chemical weapons while its ally Russia claims to have evidence the incident was staged with the help of the UK.

10 April: Four GRU officers travelling on official Russian passports enter the Netherlands.

Russia cyber attacks: UK ambassador to the Netherlands praises Dutch intelligence services

13 April: Four Russian men found with specialist equipment near the OPCW headquarters are arrested. The OPCW had been investigating both the novichok poisoning of Mr Skripal his daughter and analysing the chemical weapons attack in Douma.

5 September: Theresa May names two Russian nationals suspected of travelling to Salisbury to carry out the poisoning as Alexander Petrov and Ruslan Boshirov.

4 October: GRU accused of carrying out a swathe of attacks in the UK and abroad on political institutions, financial systems, transport networks and the media. Authorities say that a laptop recovered in a car used by the four men arrested in April contains information which suggests they were present in Lausanne for the world anti-doping conference.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in