UK points the finger at Russia’s GRU over four major cyberattacks

4 Oct 2018

The Kremlin. © Maxim Loskutnikov/

A UK assessment of Russia’s military intelligence unit, GRU, casts it as a deleterious aggressor when it comes to cyberwarfare.

The world of cyberespionage and digital manipulation of the public has been in the spotlight for the last number of years, as the internet became a fully-fledged frontier for geopolitical conflict.

A litany of cyberattacks

A new assessment from the UK’s National Cybersecurity Centre (NCSC) alleges that Russia’s military intelligence agency, GRU, was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks, the DNC hack of 2016, and the theft of emails from a television station in the UK in 2015.

In total, the NCSC listed six attacks linked to Russia in its report, with four of these explicitly attributed to the GRU for the first time.

The NCSC report also included a series of GRU aliases, including well-known names such as Fancy Bear, APT28 and Sandworm, as well as less well-known monikers such as Tsar Team.

UK foreign secretary Jeremy Hunt said the GRU’s actions are “reckless and indiscriminate”, adding that they try to “undermine and interfere in elections in other countries”. He added that the UK, along with other countries, would “expose and respond to the GRU’s attempts to undermine international stability”.

What is the GRU?

The GRU (which stands for Main Intelligence Directorate in Russian) now goes by GU, but the older acronym is more commonly used. It answers directly to the chief of general staff and the Russian minister of defence. The number of staff it employs and its inner workings are guarded state secrets.

The NCSC said it had assessed “with high confidence” that the GRU was responsible for the four cyberattacks. UK police also believe that the men who carried out the March poisoning in Salisbury work for the GRU.

A Russian spokesperson told the BBC the accusations from the UK were “a rich fantasy”. Russia has also repeatedly denied ordering the attempted murder of former double agent Sergei Skripal and his daughter Yulia in Salisbury.

While the US government has had no hesitation in placing blame at Russia’s door, the UK administration has historically been less swift to do the same. This announcement marks a major change for the way the country has dealt with this issue up until now.

Updated, 4 October 2018 at 12.52pm: This article has been amended to clarify the number of attacks cited in the report and the number explicitly linked to the GRU.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects