Russia’s Sandworm and FancyBear cyberattacks exposed

prototype-russian-dollsIn an extensive press conference on Thursday morning, Dutch intelligence officials announced the expulsion of four Russians travelling on diplomatic passports. The four are accused of cyberattacks and espionage linked to the Skripal nerve agent poisoning in Britain, the Organisation for the Prevention of Chemical Weapons (OPCW) and even the 2014 flight MH17 airplane missile attack that killed 298 people aboard including 28 Australians in the Ukraine.

Espionage hardware and a laptop are said to link the group to Malaysia. Dutch Defence Minister Ank Bijleveld said that the group was trying to execute a “close access hack operation” with electronic equipment in the boot of a Citroen rental automobile from the car park of a hotel next door to the OPCW.

On Wednesday, Australian Prime Minister Scott Morrison accused Russia’s GRU of a “pattern of malicious cyber activity”.

Also Thursday, the US Justice Department issued grand jury indictments against seven Russians related to “state-sponsored hacking and disinformation campaigns” aimed at international anti-doping organisations and the US nuclear engineering firm Westinghouse. Using the same phrases as the Dutch officials, the US DOJ said that “close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks.”

Responding to the reports that began in the Netherlands and the UK, Russian Foreign Ministry spokeswoman Maria Zakharova denied involvement saying, “The rich imagination of our colleagues from Britain truly knows no bounds.”

Read more: DOJ (US) / UK Government / Government of Canada / BBC / ABC

Image: CHP Grey / CC-BY 2.0

This story is taken from the 5 October 2018 edition of The Warren Centre’s Prototype newsletter. Sign up for the Prototype here.