(Cyber) GRU (V): October 2018

If 2018 was already a bad year for the GRU, on October 4th, different Western countries gave the final touch to the Service by publishing information about their operations and agents: it is the Netherlands, the United Kingdom, Canada and the United States – and immediately Australia and New Zealand, as is normal, supported their allies. Summarizing: Holland and FVEY finish off the annus horribilis of the Service, as we will see in this post.

Holland

On October 4th, the Dutch military intelligence, the MIVD (Militaire Inlichtingen- en Veiligheidsdienst) published in a press conference ([1]) the operation carried out in April in which four GRU members were identified and expelled from the country on charges of attacking the Organization for the Prohibition of Chemical Weapons (OPCW); as the US Department of Justice did in July, it provides a wealth of detail about the identities, techniques, security measures, objectives … of GRU agents operating on Dutch soil with diplomatic passports. According to this information, four agents of the Service (two assigned to Unit 26165, Aleksei SERGEYEVICH MORENETS and Evgenii MIKHAYLOVICH SEREBRIAKOV, and two possibly assigned to Unit 22177, Alexey VALEREVICH MININ and Oleg MIKHAYLOVICH SOTNIKOV) land on April 10 in the Netherlands and are received by staff from the Russian Embassy in this country, they rent a car and execute a close access operation to try to compromise the security of the OPCW. They are identified, money is seized in cash and technical equipment (which of course is analyzed in detail, showing data from other operations) that includes devices to attack wireless networks and are accompanied to an Aeroflot plane that returns them to Russia. In the face of serious Dutch accusations, Russia defends that its agents simply conducted a security inspection at the country’s embassy in the Netherlands.

UK

The NCSC (National Cyber Security Center), dependent on the British GCHQ, on October 4th also gives a new and hard blow to the GRU [2]: as we have said before, it accuses the Russian service, directly and openly, of various cyber-attacks, including against the anti-doping agency WADA or the US DNC. Without the display of evidence from the Dutch, the British accuse the GRU – and identify it directly with APT28 – of attacks against the International Anti-Doping Agency (WADA), the DNC, critical infrastructure in the Ukraine or the Organization for the Prohibition of Chemical Weapons (OPCW). In all cases it explicit states “NCSC assess with high confidence that the GRU was almost certainly responsible”: this high level of confidence in their statements makes the British government to directly accuse the Kremlin of these attacks; it further indicates that the NCSC will continue to work with its allies to bring the GRU’s activities and methods to light (a particularly significant phrase).

USA

That same day the Department of Justice published a new accusation against GRU agents. On this occasion, seven agents of the Service were identified, four of whom were expelled from Holland in April and the remaining three had been identified in July by the same Department. The following table shows the summary of these identities:

 

Unit Name Job Position Aliases Previous accusations
26165 Aleksei SERGEYEVICH MORENETS Lexa
26165 Evgenii MIKHAYLOVICH SEREBRIAKOV Zhenya
26165 Artem ANDREYEVICH MALYSHEV Lieutenant djangomagicdev
realblatr
DNC
26165 Ivan SERGEYEVICH YERMAKOV Kate S. Milton
James McMorgans
Karen W. Millen
DNC
26165 Dimitry SERGEYEVICH BADIN Assistant Head of Department DNC
22177 Alexey VALEREVICH MININ
¿22177? Oleg MIKHAYLOVICH SOTNIKOV

 

The Department of Justice accuses ([3]) all of them of attacks, in addition to companies such as WestingHouse Electric Company, anti-doping organizations such as WADA, of which we have already spoken, the USADA (US Anti Doping Agency) or the CCES (Canadian Center for Ethics in Sport), among others. In particular, and hence the issue of the arrest warrant issued by the FBI shown in the image, the GRU apparently focused on attacking this type of organizations linked to sport, perhaps as a result of the accusations against Russia of systematic doping of its athletes and its impact on the Rio de Janeiro Olympics in 2016.

Search poster published by the FBI (October 2018)

Canada

Finally, on the same day, Canada also joined the official accusations against the GRU by publicly demonstrating ([4]), albeit more succinctly than the rest of the countries, that the Russian Service, again identified with APT28, attacked WADA – headquartered in Canada – and the Canadian Center for Ethics in Sport, and also blames the GRU for the attacks on OPCW in the Netherlands, thus supporting its allies. All this, as in previous cases, with high confidence. For this reason, the Canadian government considers the Russian government directly responsible for a violation of international laws and established norms.

References

See also in: