{"id":96283,"date":"2018-10-04T11:24:00","date_gmt":"2018-10-04T11:24:00","guid":{"rendered":"http:\/\/mostafa.openonline.co.uk\/?guid=4df3fc2f59ada7f782ad89df3de936a6"},"modified":"2018-10-04T11:24:00","modified_gmt":"2018-10-04T11:24:00","slug":"speech-minister-for-europe-statement-attempted-hacking-of-the-opcw-by-russian-military-intelligence","status":"publish","type":"post","link":"https:\/\/mostafa.openonline.co.uk\/?p=96283","title":{"rendered":"Speech: Minister for Europe statement: attempted hacking of the OPCW by Russian military intelligence"},"content":{"rendered":"
\n

I\u2019d like to thank my Dutch colleagues and to make a few remarks. The United Kingdom and the Netherlands are close security partners, and our presence together today in The Hague underlines that.<\/p>\n

The disruption<\/h2>\n

The disruption of this attempted attack on the Organisation for the Prohibition of Chemical Weapons (OPCW<\/abbr>) was down to the expertise and professionalism of the Dutch security services, in partnership with the UK. The OPCW<\/abbr> is a respected international organisation, which is working to rid the world of chemical weapons. Hostile action against it demonstrates complete disregard for its vital mission.<\/p>\n

This disruption happened in April. Around that time, the OPCW<\/abbr> was working to independently verify the UK\u2019s analysis of the chemical used in the poisoning of the Skripals in Salisbury. As we know, the OPCW<\/abbr> confirmed the UK\u2019s analysis that a Novichok nerve agent was used in the Salisbury attack \u2013 which we now know for certain was carried out by serving GRU<\/abbr> officers.<\/p>\n

The OPCW<\/abbr> was also due to conduct analysis of the chemical weapons attack in Douma on 7 April. This operation in The Hague by the GRU<\/abbr> was not an isolated act. The Unit involved, known in the Russian military as Unit 26165, has sent officers around the world to conduct brazen close access cyber operations.<\/p>\n

One of the GRU<\/abbr> officers who was escorted out of the country by our Dutch colleagues, Yevgeniy Serebriakov, also conducted malign activity in Malaysia. This GRU<\/abbr> operation there was trying to collect information about the MH17 investigation, and it targeted Malaysian government institutions including the Attorney General\u2019s office and the Royal Malaysian Police.<\/p>\n

As the General has just mentioned, we also know that the GRU<\/abbr> officers who were stopped in The Hague planned to travel on to the OPCW<\/abbr> designated laboratory in Spiez. This wouldn\u2019t have been the first time they\u2019d travelled to Switzerland. Intelligence collected from a laptop that belonged to one of the GRU<\/abbr> officers disrupted in The Hague shows that it had connected to WiFi at the Alpha Palmiers Hotel in Lausanne in September 2016 \u2013 where a WADA<\/abbr> conference was taking place.<\/p>\n

That conference was attended by officials from the International Olympic Committee and the Canadian Center for Ethics in Sport. They found themselves the victims of a cyber attack. One official from the Canadian Center had their laptop compromised by \u2018APT28\u2019 malware; this was probably deployed by an actor connected to the same hotel WIFI network. Immediately after this laptop was compromised, the Center\u2019s computer systems were infected more broadly by APT28 malware. Subsequently, APT28 actors also compromised the IP addresses of the International Olympic Committee.<\/p>\n

APT28, Sandworm and Salisbury<\/h2>\n

Earlier today the British Government has publicly revealed that APT 28 and a number of other cyber actors, widely known to have been conducting cyber attacks around the world, are in fact the GRU<\/abbr>.<\/p>\n

The UK National Cyber Security Centre has made this assessment because of compelling technical evidence that links these actors\u2019 operations to known GRU<\/abbr> technical infrastructure. This leads them to assess that the GRU<\/abbr> was almost certainly responsible for these actors\u2019 attacks.<\/p>\n

I want to make it completely clear: the officers disrupted in The Hague are part of the same Unit of the GRU<\/abbr> \u2013 26165 \u2013 which is responsible for APT28. Another of the cyber actors identified as the GRU<\/abbr> was Sandworm, which was active in the wake of the Salisbury attack. I can reveal that they were behind the following attempted intrusions:<\/p>\n