The United States and other Western nations leveled a torrent of new allegations against Moscow’s secretive GRU military spy agency on Thursday, accusing its agents of hacking anti-doping agencies, plane crash investigations and a chemical weapons probe as well as launching cyberattacks that rocked America’s 2016 election and crippled Ukraine in 2017.
The roll call of GRU malfeasance began at midnight in Britain, when British and Australian authorities accused the Russian agency of being behind the catastrophic cyberattack that caused billions in losses to Ukraine in June 2017 and a host of other hacks, including the Democratic Party email leaks and online cyber propaganda that sowed havoc before Americans voted in the 2016 presidential election.
Hours later Thursday morning, Dutch defense officials broadcast photos and a timeline of GRU agents’ botched attempt to break into the Organization for the Prohibition of Chemical Weapons using Wi-Fi hacking equipment hidden in the back of a sedan. The chemical weapons watchdog was investigating a Novichok nerve agent attack on a former GRU spy, Sergei Skripal, that Britain has blamed on the Russian government. Moscow has denied the charge.
The Dutch also accused the Russian agency of trying to hack into the investigation of the 2014 downing of a Malaysian Airlines flight over eastern Ukraine that killed all 298 people on board. A Dutch-led investigation team says it has strong evidence that the Buk missile which brought the plane down came from a Russia-based military unit. Russia has denied the charge.
Then came the U.S. government’s turn, with the U.S. Justice Department charging seven Russian GRU intelligence officers — including the four nabbed in The Hague — of an international hacking rampage that targeted more than 250 athletes, a nuclear energy company and a Swiss chemical laboratory.
U.S. Defense Secretary James Mattis said the West has “a wide variety of responses” available.
“Basically, the Russians got caught with their equipment, people who were doing it, and they have got to pay the piper. They are going to have to be held to account,” Mattis said, speaking in Brussels where he was meeting with NATO allies.
Moscow issued more denials on Thursday, but the allegations leveled by Western intelligence agencies, supported by a wealth of surveillance footage and overwhelmingly confirmed by independent reporting, painted a picture of the GRU as an agency that routinely crosses red lines — and is increasingly being caught red-handed around the world.
The U.S. indictment said the GRU targeted its victims because they had publicly supported a ban on Russian athletes in international sports competitions and because they had condemned Russia’s state-sponsored athlete doping program. U.S. prosecutors said the Russians also targeted a Pennsylvania-based nuclear energy company and the OPCW, which was investigating possible war crimes in Syria and the March poisoning of Skripal and his daughter in the English city of Salisbury.
The U.S. indictment says the seven defendants are all Russian citizens and residents. They include four GRU agents expelled last spring from the Netherlands.
They were identified as: Aleksei Sergeyevich Morenets, 41; Evgenii Mikhaylovich Serebriakov, 37; Ivan Sergeyevich Yermakov, 32; Artem Andreyevich Malyshev, 30; and Dmitriy Sergeyevich Badin, 27; who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.
The U.S. indictment says the hacking was often conducted remotely. If that wasn’t successful, the hackers would conduct “on-site” or “close access” hacking operations, with trained GRU members traveling with sophisticated equipment to target their victims through Wi-Fi networks.
The GRU’s alleged hacking attempts on the chemical watchdog agency based in The Hague, Netherlands, took place in April and were disrupted by authorities, Dutch Defense Minister Ank Bijleveld said Thursday. Four Russian intelligence officers were immediately expelled from the Netherlands, she said. Those were Minin, Sotnikov, Serebriakov and Morenets.
The British ambassador to the Netherlands said the men caught with spy gear outside OPCW were from the very same GRU section (Unit 26165) accused by American investigators of having broken into the Democratic National Committee’s email system before the 2016 U.S. election.
On Thursday, Australian and British spies endorsed the American intelligence community’s reported attribution of the catastrophic June 2017 cyberattack on Ukraine to the GRU. The malicious software outbreak briefly knocked out cash machines, gas stations, pharmacies and hospitals and, according to a secret White House assessment recently cited by Wired, dealt $10 billion worth of damage worldwide.
The hack and release of sports figures’ medical data in 2016 and the downing of Flight MH17 over eastern Ukraine in 2014 also allegedly carry the GRU’s fingerprints. Dutch investigators said the snoopers nabbed outside the OPCW also appear to have logged into the Wi-Fi networks near the World Anti-Doping Agency and the Malaysian hotels where crash investigators had gathered to investigate the shooting down of passenger flight MH17.
Russia’s interests were at stake in both cases. The OPCW was investigating the Skripal nerve agent poisoning, which Russia denied, and Russia was being blamed for the shooting down of MH17 over eastern Ukraine, where Ukrainian forces were fighting Russia-backed separatists at the time.
The leaders of Britain and the Netherlands on Thursday condemned the GRU for “reckless” and “brazen” activities around the world and vowed to defend vital international agencies from Russian aggression.
“This attempt, to access the secure systems of an international organization working to rid the world of chemical weapons, demonstrates again the GRU’s disregard for the global values and rules that keep us all safe,” British Prime Minister Theresa May and Dutch counterpart Mark Rutte said in a joint statement.
Britain’s ambassador to the Netherlands, Peter Wilson, said the GRU would no longer be allowed to act with impunity. Britain blames the secretive agency for the March poisoning of Skripal and his daughter.
The Associated Press, meanwhile, independently corroborated information that matches details for two of the alleged Russian agents named by the Dutch authorities.
An online database for car registration in Russia showed that Aleksei Morenets, whose full name and date of birth are the same as one of the Russians expelled by the Dutch, sold his car in 2004, listing the Moscow address where the Defense Ministry’s Military University is based.
Alexey Minin, another Russian whose full name and date of birth match the details released by Dutch authorities, had several cars, including an Alfa Romeo, that were registered and sold at the address where the Defense Ministry’s GRU school is located. In some of the filings, Minin listed the official military unit number of the GRU school as his home address.
Earlier, British Defense Secretary Gavin Williamson branded a series of global cyberattacks blamed on Russia as the reckless actions of a “pariah state,” saying that the U.K. and its NATO allies would uncover such activities in the future.
“Where Russia acts in an indiscriminate and reckless way, where they have done in terms of these cyberattacks, we will be exposing them,” Williamson told reporters in Brussels at talks with Mattis and other NATO officials.