UK exposes Russian military intelligence cyber attacks against Tokyo Olympics

  • Video report by ITV News Security Editor Rohit Kachroo

The Russian military intelligence service (GRU) carried out cyber attacks on officials and organisations linked to the 2020 Tokyo Olympics in an effort to disrupt the event, the UK government has said.

The GRU is said to have conducted cyber reconnaissance against organisers, logistics services and sponsors with the intent of compromising computer systems and sabotaging the running of the Games.

The Foreign, Commonwealth and Development Office (FCDO) and National Cyber Security Centre (NCSC) said the activity was the latest incident in a string of cyber attacks on the Olympic and Paralympic Games, which previously saw the GRU target the 2018 Winter Olympic and Paralympic Games in Pyeongchang, South Korea.

Last year, Russia was handed a four-year ban from all major global sporting events, including the Olympics, by the World Anti-Doping Agency for manipulating athletes’ doping data, a decision which Russia has appealed against.

Foreign Secretary Dominic Raab condemned the actions of the Russian hackers carrying out the attacks.

"The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless," he said.

The foreign secretary said: "We condemn them in the strongest possible terms.

"The UK will continue to work with our allies to call out and counter future malicious cyber attacks."

Analysis from ITV News' Security Editor Rohit Kachroo

The Winter Olympics in Pyeongchang, South Korea were just getting underway when organisers were hit by the sort of cyber attack that security agencies had tried to prepare for. 

Internet access and the Games’ website were targeted - officials and sponsors too. Broadcasters were hampered when some camera feeds were brought down. 

During the opening ceremony, viewers around the world noticed an unusually high number of empty seats in the stadium. Some people who had expected to be inside struggled to get online to access the accreditation they needed. 

North Korea was among the early suspects - after all, the cyber attackers had left hallmarks designed to make it look like it or China were to blame. But that analysis assumed that South Korea, the host nation, was the intended target rather than the broader Olympic movement.

Now more than two years on, British officials have said those apparent cyber signatures were part of a so-called ‘false-flag operation’ by Russia’s military intelligence who had used data-deletion malware to launch the attack. 

The UK has made no firm conclusion about Moscow’s likely motives, but they believe it might have been acting ahead of Russia’s four-year ban from sporting events. Of course, ‘cyber’ is one of its weapons of choice. Moscow has been blamed many times before for attacks against the critical infrastructure of other nations - but this incident affected many nations, not one.

And officials believe Russia is already carrying out cyber-reconnaissance and "malicious activity" in relation to the forthcoming Tokyo games next year, when an ‘Olympic Truce’, confirmed by the United Nations General Assembly, is due to be in place.

On the long list of recent Russian aggressions, from the annexation of Crimea to the Salisbury poisonings, this alleged attack would not sit close to the top in terms of scale or consequence. But it might indicate who and what Putin’s military intelligence considers a legitimate target. 

The UK government hopes today’s public declaration might deter future cyberattacks. Based on what is suspected about Russia’s recent behaviour, that seems optimistic.

As well as the attacks on the Tokyo Games, which have now been postponed to 2021 because of the coronavirus pandemic, the government said it had also uncovered new details on the Russian cyber attacks on the 2018 Pyeongchang Games.

The NCSC said the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the Winter Games.

The cyber agency said the GRU used data-deletion malware in those attacks with the intention of sabotaging the running of both the Winter Olympic and Paralympic Games, as the malware was designed to wipe information from computers and to disable them.

The NCSC said administrators had worked to isolate the malware and replace affected computers, which had prevented any potential disruption.

The government said the GRU unit behind the attacks on the Olympics is the same one which targeted Ukraine’s electricity grid in 2015, and was behind the NotPetya cyber attack of 2017 which hit Ukrainian financial, energy, and government sectors as well as other European businesses.

The unit is known as the Main Centre for Special Technologies (GTsST), as well as by its field post number 74455 and a number of other names online, including Sandworm and VoodooBear.

The NCSC said the same unit is also responsible for an attack on the UK Foreign Office’s computer systems in March 2018, and another targeting the Defence and Science Technology Laboratory (DSTL) in April of the same year, which at the time was investigating the Salisbury Novichok poisoning.