A UK government spokesperson said:
The United Kingdom stands with the European Union, Germany, Czechia and other allies in strongly condemning malicious cyber activity by Russian Intelligence Services.
Today's statements from our allies demonstrate the scale, persistence, and seriousness of unacceptable Russian behaviours in cyberspace.
Recent activity by Russian GRU cyber group APT28, including the targeting of the German Social Democratic Party executive, is the latest in a known pattern of behaviour by the Russian Intelligence Services to undermine democratic processes across the globe.
On 7 December 2023, the UK exposed a series of attempts by the Russian Intelligence Services to target high-profile UK individuals and entities through cyber operations. At the same time, we sanctioned two Russian nationals responsible for political interference.
With multiple elections around the world in 2024, raising awareness of the threat to the UK and our international partners remains vitally important for our collective resilience.
Today, as part of a broad coalition of allies, we are making clear to the Russian state that we will continue to identify, expose, and respond to such unacceptable activity.
Background
- APT28 are capable cyber actors who have been active since at least 2004. They are known by industry nicknames including Strontium, Sofacy Group, Pawn Storm, Fancy Bear, and Sednit.
- The UK has previously exposed APT28 as part of the GRU, the Russian military intelligence service, including:
- In 2018, the UK and the Netherlands exposed an attempted attack against the Organisation for the Prohibition of Chemical Weapons (OPCW) by APT28, aimed at disrupting independent analysis of chemicals weaponised by the GRU in the UK.
- In 2020, the UK announced sanctions against APT28 and two individual GRU officers for their reckless cyber-attacks on Germany's Parliament in 2015, which affected email accounts belonging to German MPs and the German Vice Chancellor.
- In 2023, the UK and US technical communities released a joint advisory to provide details of tactics, techniques and procedures associated with APT28's exploitation of Cisco routers in 2021.
- The UK Government also supports Germany's assessment that APT28 exploited critical security vulnerabilities in Microsoft Outlook directed against email accounts of the German Social Democratic Party.
