The UK has unmasked Russian state-backed hackers as the perpetrators of cyber-attacks against officials and organizations connected with the postponed 2020 Tokyo Olympics.
The government blamed the attacks on military intelligence service the GRU’s Main Centre for Special Technologies (GTsST), also known by its field post number 74455 and more commonly as Sandworm, BlackEnergy and VoodooBear.
According to GCHQ’s National Cyber Security Centre (NCSC) the group targeted organizers, logistics services and sponsors.
Although the attacks only got to the reconnaissance stage, reports suggest the end goal was to disrupt the games — which Russia was excluded from due to a state-backed doping campaign — as happened with the 2018 Winter Olympic and Paralympic Games in Pyeongchang.
Designed to appear as if launched by state hackers from North Korea, those attacks two years ago deployed data deletion malware against IT systems at the games and targeted devices across South Korea using VPNFilter.
In the end, IT staff worked hard to contain the threat and replace affected computers, but the NCSC said that the intent was sabotage of the games.
As reported by Infosecurity at the time, the attackers still managed to cause some disruption, downing the official games website for around 12 hours ahead of the opening ceremony and interfering with Wi-Fi connectivity and TV pictures in the media center.
Foreign secretary, Dominic Raab, slammed Moscow for the attacks.
“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms,” he said in a statement. “The UK will continue to work with our allies to call out and counter future malicious cyber-attacks.”
The NCSC revelations came on the same day a US indictment against six alleged GRU officers was published. The charges claim the group were responsible for attacks targeting Ukrainian power stations in 2015 and 2016, French elections in 2017, NotPetya, and investigations into the Salisbury Novichok poisonings.