
GCSB exposes Russia's involvement in malicious cyber attacks

04 Oct 2018

New Zealand’s Government Communications Security Bureau (GCSB) and the UK's National Cyber Security Centre (NCSC) are pointing the finger squarely at the Russian government for its role in malicious cyber activity and spying on international political institutions, businesses, sporting organisations, and media.

Today the GCSB released an announcement saying it has ‘established clear links’ between the Russian government and the alleged activities through a process of attribution.

The GRU is the Russian military intelligence service and is known by a number of different names and attacks. APT28, Fancy Bear, Sofacy, STRONTIUM, Sednit, Pawnstorm, CyberCaliphate, Cyber Berkut, Voodoo Bear, BlackEnergy Actors, Tsar Team, and Sandworm are just a few.

The GRU’s cyber activities date back as far as 2015, when accounts belonging to a small UK-based TV station were hacked and stolen. 

In June 2016, attackers struck again, this time in a targeted attack against the United States Democratic National Committee. Attackers hacked documents and then published them online.

Just one month later in August 2016, the World Anti-Doping Agency (WADA) admitted that its Anti-Doping Administration and Management system was hacked. Attackers leaked private medical files belonging to high-profile athletes.

The fourth incident took place in October 2017 when the BadRabbit malware struck Russia and the Ukraine.

According to GCSB director-general Andrew Hampton, its robust attribution process demonstrates strong links between the four incidents and the Russian government.

“The nature of these campaigns is complex. The GCSB’s assessment found it was highly likely the GRU was behind the campaigns and that a number of cyber proxy groups associated with these incidents are actors of the Russian state,” Hampton explains.

The GCSB’s findings don’t stand alone: the United Kingdom’s National Cyber Security Centre (NCSC) has also released its own findings. They are consistent with the GCSB's findings and also attribute the attacks to the GRU.

A statement from UK Foreign Secretary Jeremy Hunt says that the attacks don’t serve any legitimate national security interest – instead they just disrupted people’s daily lives. 

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Hunt says.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

While New Zealand organisations were not directly affected by the four incidents the GCSB investigated, Hampton says that there are activities in New Zealand that can be linked to Russian state actors.

“Such behaviour is unacceptable – it is counter to New Zealand’s vision for an open, safe and secure cyberspace,” Hampton says.

“These incidents reinforce the need for New Zealand to have robust national systems to address cyber threats. Initiatives such as the GCSB’s CORTEX cyber defence capabilities and the proposed expansion of the Malware-Free Networks programme help protect our nationally significant organisations.”

The government says its Cyber Security Strategy refresh aims to ensure New Zealand is able to handle increasing numbers of cybersecurity threats.

The GCSB conducted research through its own cyber threat analysis and material from its partners.
