The UK has announced it will enforce asset freezes and travel bans against two Russian GRU officers and the GRU’s military intelligence unit 26165 – codenamed APT28 and Fancy Bear – which were responsible for the 2015 cyber attacks on Germany’s Parliament.
Today’s sanctions have been made under the EU’s regime and form part of the UK’s ongoing partnership with its allies to send a message to Russia that there will be consequences for its malicious cyber activity. The sanctions come into force immediately. The attribution of this anti-democratic attack by Russia further exposes its pattern of malign behaviour intended to undermine international law and institutions.
The GRU is the main military intelligence wing of the Russian Armed Forces and its cyber units have been responsible for a number of cyber attacks in recent years including – as the UK and US revealed this week – unit 74455 committed an attack on the 2018 Winter and targeted the postponed 2020 Summer Olympic Games. The reckless cyber attacks by unit 26165 on Germany’s Parliament in 2015 targeted information systems, stole significant amounts of data and affected email accounts belonging to German MPs and the Vice Chancellor.
Foreign Secretary Dominic Raab said:
The UK stands shoulder to shoulder with Germany and our European partners to hold Russia to account for cyber attacks designed to undermine Western democracies. This criminal behaviour brings the Russian Government into further disrepute.
The UK was at the forefront of efforts to establish the EU Cyber Sanctions regime and will implement our own autonomous Cyber Sanctions regime at the end of the Transition Period. We are committed to working with our international partners to enforce responsible behaviours and promote international security and stability in cyberspace. The UK has laid the statutory instrument for our cyber sanctions regime, which will allow us to impose travel bans and asset freezes on individuals and organisations.
On 30 July, the first EU and UK cyber sanctions were introduced against Unit 74455 of the GRU, the Russian military intelligence service for the ‘NotPetya’ cyber attack in June 2017 and against four GRU officers who attempted a cyber attack against the Organisation for the Prohibition of Chemical Weapons (OPCW) in 2018
APT28 are capable cyber actors who have been active since at least 2004. They are known by industry nicknames including Strontium, Sofacy Group, Pawn Storm, Fancy Bear and Sednit, and the UK has previously exposed APT28 as part of the GRU, the Russian military intelligence services. NCSC assessed with high confidence that the GRU was almost certainly responsible for malicious cyber attacks against the US Democratic National Congress in 2016, and the World Anti-Doping Association in 2016
|In August 2016, confidential medical files relating to a number of international athletes were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|Between July and August 2015 multiple email accounts belonging to a small UK-based TV station were accessed and content stolen.||NCSC assess with high confidence that the GRU was almost certainly responsible.|
|In April and May 2015 the German federal parliament (Deutscher Bundestag) was attacked, during the attack a significant amount of data was stolen and the email accounts of several MPs as well as Chancellor Angela Merkel were affected.||NCSC assess with high confidence that the GRU was almost certainly responsible.|