20 Oct 2020

New Zealand helps US nab Russian hackers targeting companies, political campaigns

11:01 am on 20 October 2020

New Zealand agencies have helped US authorities charge six Russian state-sponsored computer hackers over attacks spanning four years.

The Olympic Symbol is pictured at the New National Stadium, a venue for the opening ceremony of the 2020 Tokyo Olympics and Paralympics in Shinjuku Ward, Tokyo on March 24, 2020.

Britain and US say Russia has targeted 2020 Tokyo Games organisers, logistics suppliers and sponsors. Photo: AFP / Yomiuri

The US Justice Department said in a media release six Russian GRU intelligence members sought to undermine, retaliate or destabilise foreign companies and political campaigns through computer hacks.

"Their computer attacks used some of the world's most destructive malware to date, including KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics," the DoJ said.

"The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name."

The statement alleges the hackers operated under a range of names, including Sandworm Team, Telebots, Voodoo Bear and Iron Viking.

"No country has weaponised its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," Assistant Attorney General for National Security John C Demers said.

"Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware."

This included thousands of US and international companies and organisations, French President Emmanuel Macron's political campaign, and the 2018 Winter Olympics.

The Justice Department said governments agencies, including New Zealand's, provided "significant cooperation" and assistance to the investigation.

"We also appreciate the hard work and dedication of our foreign law enforcement or intelligence partners, including in Ukraine, Georgia, South Korea, the United Kingdom and New Zealand, who have also pursued these conspirators after attacks and intrusions within their own countries or otherwise assisted in our investigation.

"All of these partnerships send a clear message that responsible nations and the private sector are prepared to work together to defend against and disrupt significant cyber threats."

Government Communications Security Bureau minister Andrew Little said the country was involved in international efforts but he can't say how in that case.

"There are a number of New Zealand authorities that would assist in something like this, we know that cyber threats and cyber security issues dominate around the world.

"We will have assisted in some way but it's not quite clear what that assistance were in this case."

UK, US say Russia on cyber offensive to sabotage Tokyo Olympics

Britain and the US have condemned what they said were a litany of malicious cyberattacks orchestrated by Russian military intelligence, including attempts to disrupt next year's Olympic and Paralympic Games in Tokyo.

British and US officials said the attacks were conducted by Unit 74455 of Russia's GRU military intelligence agency, also known as the Main Centre for Special Technologies.

In an indictment unsealed on Monday, the US Justice Department said six members of the unit had played key roles in attacks on targets ranging from the 2018 Winter Olympics in South Korea to the 2017 French elections.

British officials said the GRU hackers had also conducted "cyber reconnaissance" operations against organisers of the 2020 Tokyo Games, which were originally scheduled to be held this year but postponed because of the coronavirus outbreak.

British Foreign Secretary Dominic Raab speaks at a press conference at the State Department in Washington, DC, on September 16, 2020. (Photo by NICHOLAS KAMM / POOL / AFP)

Dominic Raab Photo: AFP

The officials declined to give specific details about the attacks or whether they were successful, but said they had targeted Games organisers, logistics suppliers and sponsors.

British Foreign Secretary Dominic Raab said: "The GRU's actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms."

FBI deputy director David Bowdich said: "The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia's cyber activities truly are."

Russia was banned from the world's top sporting events for four years in December over widespread doping offences, including the Tokyo Games.

The attacks on the Games are the latest in a string of hacking attempts against international sporting organisations that Western officials and cybersecurity experts say have been orchestrated by Russia since its doping scandal erupted five years ago. Moscow has repeatedly denied the allegations.

Russia accused of 2018 Games hacking

Britain and the United States said those attacks included a hack of the 2018 Winter Olympics opening ceremony in South Korea, which compromised hundreds of computers, took down internet access and disrupted broadcast feeds.

Fireworks at the end of the closing ceremony of the Pyeongchang 2018 Winter Olympic Games.

Fireworks at the end of the closing ceremony of the Pyeongchang 2018 Winter Olympic Games. Photo: AFP

The attack in South Korea had previously been linked to Russia by cybersecurity researchers but was made to look like the work of Chinese or North Korean hackers, Britain's foreign ministry said in a statement.

"The attacks on the 2020 Summer Games are the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games," it said.

"The UK is confirming for the first time today the extent of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea."

- RNZ / Reuters

Get the RNZ app

for ad-free news and current affairs