US and UK blame Russia for 'malicious' cyber-offensive

Security officials issue alert directly blaming Kremlin for attack as US warns Moscow it is ‘pushing back hard’

The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.

Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.

Rob Joyce, the White House cybersecurity coordinator, set out a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive capabilities. “We are pushing back and we are pushing back hard,” he said.

Joyce stressed the offensive could not be linked to Friday’s raid on Syria. It was not retaliation for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.

Joyce was joined in the call by representatives from the FBI, the US Department of Homeland Security and the UK’s National Cyber Security Centre (NCSC), which is part of the surveillance agency GCHQ.

The US and UK, in a joint statement, said the cyber-attack was aimed not just at the UK and US but globally. “Specifically, these cyber-exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system,” it said.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.

“The current state of US and UK network devices, coupled with a Russian government campaign to exploit these devices, threatens our respective safety, security, and economic wellbeing.”

The US has given the cyber activity alleged to be from Russia the name GRiZZLY STEP.

The US and UK have previously blamed Russia for cyber-attacks such as crippling attacks last year that created disruption worldwide, including to the National Health Service, and for a cyber-intrusion into the US energy grid.

But they portrayed this as far more serious because of the potential to undermine infrastructure. Millions of machines had been targeted in a “sustained” campaign and the US and UK admitted they still did not know the full extent to which the system had been compromised.

Previously the two nations have spoken only of attacks “originating from Russia”, with lines between Russian criminals and state activity being blurred, but they pinned blame on the Kremlin on this occasion.

The US and UK said they had “high confidence” that the Kremlin was behind the attack.

It is the first time they have issued joint advice to all sectors that might have been compromised, offering steps to to identify and neutralise potential problems relating to the attacks.

Ciaran Martin, the chief executive of the NCSC, which works closely with the surveillance agency GCHQ, said: “This is a very significant moment as we hold Russia to account.”

Howard Marshall, who works in the FBI’s cyber-division and who was on the conference call, said: “We will bring every tool to bear against them in every corner of cyberspace.”

The decision of the US and UK governments to go public reflects a loss of patience with Moscow after a series of cyber-attacks and hacks allegedly originating from within Russia. It could also be born out of frustration over Russia’s supposed interference in democratic elections in the US and Europe, its support for Syria’s Bashar al-Assad and incidents such as the use of a nerve agent in Salisbury.

Both the US and UK, like Russia, have cyber-offensive capabilities. The head of GCHQ, Jeremy Fleming, in his first public speech last week, described how such a capability was used to degrade Islamic State’s ability to disseminate propaganda from its Syrian headquarters in Raqqa. It was the first time that UK has admitted to having used its cyber-offensive capability.

Contributor

Ewen MacAskill Defence correspondent

The GuardianTramp

Related Content

Article image
Hostile states pose 'fundamental threat' to Europe, says MI6 chief
Although Alex Younger does not name specific country, he makes clear that Russia is target of his remarks

Ewen MacAskill Defence and intelligence correspondent

08, Dec, 2016 @1:31 PM

Article image
Russia accused of cyber-attack on chemical weapons watchdog
Netherlands expelled four GRU officers after alleged attacks on OPCW and UK Foreign Office

Pippa Crerar, Jon Henley and Patrick Wintour

04, Oct, 2018 @2:48 PM

Article image
Britain has offensive cyberwar capability, top general admits
Gen Sir Patrick Sanders says Boris Johnson has told him to ensure UK is major cyber power

Dan Sabbagh Defence and security editor

25, Sep, 2020 @5:00 PM

Article image
UK unveils National Cyber Force of hackers to target foes digitally
New unit aims to disrupt online activities of hostile states, terror groups and paedophiles

Dan Sabbagh Defence and security editor

19, Nov, 2020 @6:48 PM

Article image
The Guardian view on cyberwar: an urgent problem | Editorial
Editorial: The internet is now used as a low-level weapon of war. How should Britain best defend itself?

Editorial

22, Jan, 2018 @5:42 PM

Article image
UK accuses Kremlin of ordering series of 'reckless' cyber-attacks
Foreign Office increases pressure on Russia after Skripal poisoning

Patrick Wintour Diplomatic editor

03, Oct, 2018 @11:01 PM

Article image
Russia is biggest threat to UK since cold war, says head of British army
Gen Sir Nick Carter gives stark warning of ‘complex and capable security challenge’ for Nato

Ewen MacAskill

23, Jan, 2018 @12:23 AM

Article image
Labour's Ben Bradshaw claims he was target of Russian cyber-attack
Frequent critic of Kremlin interference in the UK was sent suspicious email from Moscow

Luke Harding

03, Dec, 2019 @6:20 PM

Article image
Nato must defend western democracy against Russian hacking, say Fallon
UK defence secretary accuses Moscow of ‘weaponising misinformation’ to disable democratic machinery

Ewen MacAskill Defence correspondent

03, Feb, 2017 @8:12 AM

Article image
Ex-hackers could be recruited to UK cyberdefence force
GCHQ to train hundreds of enlisted computer experts including possible convicted hackers for UK cyberdefence force

Haroon Siddique

22, Oct, 2013 @8:46 AM