The Russia connection: Details of Russia’s Cyberattacks against Olympic, Paralympic Games Revealed

Published 21 October 2020

The U.K. on Monday (19 October) exposed malicious cyberactivity from Russia’s GRU military intelligence service against organizations involved in the 2020 Olympic and Paralympic Games before they were postponed.

The activity involved cyber reconnaissance by the GRU targeting officials and organizations involved in the Games, which had been due to take place in Tokyo during the summer.

The U.K. National Cyber Security Center (NCSC) said the incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the U.K. on Monday also revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.

The NCSC, a part of GCHQ, says it assesses with high confidence that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear.

Details were released after the U.S. Department of Justice announced criminal charges against Russian military intelligence officers working for the GRU’s cyber unit for conducting cyberattacks against the 2018 Winter Games and other cyberattacks.

The Foreign Secretary Dominic Raab has issued a statement making clear that the Russian government cannot act with impunity.

Paul Chichester, the NCSC’s Director of Operations, said:

“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the U.S. Department of Justice.

“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people.

“We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyberspace.”

In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the Games.

The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.

The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks. Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption.