The United Kingdom has imposed new sanctions on Russian intelligence officials after revealing an advanced cyberespionage scheme attributed to the GRU, Russia’s main military intelligence agency. The measures, announced jointly with European allies, were described as a response to years of hostile operations against Western targets, in an escalation that reinforces the role of cybersecurity as a strategic pillar of British foreign policy.
Sanctions target cyber espionage and hybrid warfare operations
Britain said it had discovered a sophisticated digital espionage tool and sanctioned more than 20 Russian spies, hackers and agencies over what it called a “sustained campaign of malicious cyber activity” targeting governments and institutions across Europe. Britain’s National Cyber Security Centre (NCSC) said novel malware used by spies at Russia’s GRU military intelligence agency had been used to harvest login credentials from online Microsoft MSFT.O products.
The foreign ministry said it was sanctioning three units of the GRU and 18 of its officers. These included people it said were involved in targeting strikes against Mariupol during the war in Ukraine, and spying on former Russian double agent Sergei Skripal and his daughter Yulia before they were targeted in a Novichok poisoning in Britain in 2018.
Attacks targeted democratic institutions
“GRU spies are running a campaign to destabilise Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens,” foreign minister David Lammy said in a statement.
British authorities have repeatedly accused Moscow of orchestrating malign activity, ranging from traditional espionage and actions to undermine democracy, to sabotage and assassinations. Moscow has rejected such accusations, saying they are politically motivated and that it poses no threat to Britain. The Russian embassy in London did not immediately respond to a request for comment.
Coordinated campaign involved multiple countries
British authorities emphasized that the targets of the attacks included institutions that play a central role in democracy and public communication, which, according to the government, demonstrates the Kremlin’s attempt at destabilization. The attacks compromised sensitive information and overwhelmed the responsiveness of government and critical systems in allied countries.
In its latest announcement, Britain said three Russian GRU units – 29155, 26165 and 74455 – had targeted media outlets, telecoms providers, political and democratic institutions, and energy infrastructure in the United Kingdom and across Europe. Among these incidents were an Estonian government hack in 2020, a cyberattack on the German Bundestag in 2015, the hacking in 2016 of the U.S. Democratic National Committee and Democratic Congressional Campaign Committee, and cyberattacks on the Paris Olympics last year, Britain said.
GRU group develops sophisticated digital trap
Classifying the malware as “sophisticated,” the NCSC warned that the threat is not limited to unauthorized access to credentials, but also to the possibility of remote control of compromised systems. The campaign indicates a high degree of coordination and technical investment by the GRU, with worrying implications for the protection of sensitive data in corporate environments.
The NCSC said a hacking group known as APT 28, part of GRU unit 26165, had developed “sophisticated malware” it dubbed “AUTHENTIC ANTICS” which tricks users of Microsoft cloud accounts into entering their credentials into a login window controlled by the hackers. The NCSC did not say who had been targeted by the malware.
British response involves diplomacy and defense
Britain has recently ramped up its military spending to help change its approach to defense, partly to address threats from Russia, nuclear risks and cyberattacks. The increase in the defense budget and the intensification of international cooperation in digital security are part of a strategy to counter hybrid threats, such as those posed by the GRU. The imposition of sanctions is seen as a way to directly hold individuals linked to espionage campaigns accountable and demonstrate that covert actions will have diplomatic consequences.