Russian unit behind Salisbury Novichok attack targeted Olympics, British spy chiefs reveal

Robert Mendick
·3-min read
The Foreign Office, the attacks on the 2020 Games were the latest in a campaign of Russian 'malicious activity' against the Olympics and Paralympics - AFP
The Foreign Office, the attacks on the 2020 Games were the latest in a campaign of Russian 'malicious activity' against the Olympics and Paralympics - AFP

The Russian military intelligence unit behind the Novichok attack in Salisbury tried to disrupt the 2020 summer Olympics in Japan in a plot uncovered by a joint British and US counter-espionage operation.

The GRU (Main Intelligence Directorate) launched "cyber reconnaissance" operations on both the Olympic and Paralympic Games, which had been due to be held in Tokyo before they were postponed because of the Covid-19 pandemic. Targets included organisers and sponsors.

The US Department of Justice said it was charging six Russian military officers with computer hacking offences.

The offences also include attacks on the 2018 Winter Olympics, staged in South Korea, and an attempt to infiltrate the British investigation into the Salisbury poisonings, being conducted at the chemical research laboratory at Porton Down.

The public disclosure is designed to cause embarrassment to Vladimir Putin's regime as part of a strategy to "call out" illegal Russian cyber hacking. It is also intended to deter the Russians from launching further attacks when the Games finally take place.

Russia is banned from competing at the Olympics under its national flag because of repeated state-sponsored doping offences.

Dominic Raab, the Foreign Secretary, said: "The GRU's actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.

"The UK will continue to work with our allies to call out and counter future malicious cyber attacks."

Dominic Raab condemned the GRU's 'cynical and reckless' actions - Toby Melville/ AFP
Dominic Raab condemned the GRU's 'cynical and reckless' actions - Toby Melville/ AFP

Assistant Attorney General John Demers, the US Justice Department's top national security official, said: "No country has weaponised its cyber capabilities as maliciously and irresponsibly as Russia, wantonly causing unprecedented collateral damage to pursue small tactical advantages as fits of spite.

"Today, Monday, the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group."

The UK's National Cyber Security Centre, part of GCHQ, concluded that the planned attacks on the 2020 Summer Games were part of a campaign of Russian "malicious activity" against the world's biggest sporting event. 

In a statement, the UK said it could also confirm for the first time that a cyber unit within the GRU had successfully targeted the opening ceremony of the 2018 Winter Olympics.

Hackers succeeded in crashing the Games website, preventing spectators from printing out tickets and disrupting the Wi-Fi inside the stadium. It also launched attacks on broadcasters, a ski resort, Olympic officials and sponsors.

The Russian GRU unit had disguised itself as North Korean and Chinese hackers.

The UK and US authorities have identified the GRU cyber unit responsible for the hacking as its Main Centre for Special Technologies (GTsST), also known by its field post number 74455. It has also been described by a variety of different groups in technology circles, including Sandworm, BlackEnergy Group and VoodooBear. 

US authorities said the GRU "computer attacks used some of the world's most destructive malware to date", including KillDisk and Industroyer, which caused blackouts in Ukraine, and Olympic Destroyer, which disrupted the 2018 Winter Games.

Russian hacking incidents
Russian hacking incidents

The FBI indictment charges the six Russians with conspiracy, computer hacking, wire fraud, aggravated identity theft and false registration of a domain name.

A GRU assassination squad orchestrated the attempted murder of Sergei Skripal, a former GRU colonel turned MI6 spy, in Salisbury in March 2018.

Colonel Skripal and his daughter survived the nerve agent attack but Dawn Sturgess, a British woman, was killed after she inadvertently picked up discarded Novichok concealed in a perfume bottle.

The Russians charged with the latest hacking offences were named in the 50-page indictment as Yuriy Sergeyevich Andrienko, 32;  Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko; and  Petr Nikolayevich Pliskin, 32.