By Alistair Smout, Sam Tabahriti and Michael Holden. LONDON, July 18 (Reuters)
Last week, London framed sanctions as a punitive measure and a warning to Moscow following recent discoveries of Russian espionage. Officials emphasized that the operation behind these attempts was part of a broader Russian strategy to weaken European unity and disrupt important democratic processes.
Growing evidence of state-sponsored cyber espionage
Britain said last week it had discovered a sophisticated digital espionage tool and sanctioned more than 20 Russian spies, hackers and agencies over what it called a “sustained campaign of malicious cyber activity” targeting governments and institutions across Europe. Britain’s National Cyber Security Centre (NCSC) said novel malware used by spies at Russia’s GRU military intelligence agency had been used to harvest login credentials from online Microsoft MSFT.O products.
The foreign ministry said it was sanctioning three units of the GRU and 18 of its officers. These included people it said were involved in targeting strikes against Mariupol during the war in Ukraine, and spying on former Russian double agent Sergei Skripal and his daughter Yulia before they were targeted in a Novichok poisoning in Britain in 2018.
British authorities have repeatedly accused Moscow of orchestrating malign activity, ranging from traditional espionage and actions to undermine democracy, to sabotage and assassinations. Moscow has rejected such accusations, saying they are politically motivated and that it poses no threat to Britain. The Russian embassy in London did not immediately respond to a request for comment.
Previous Russian cyber operations, such as attacks on critical infrastructure and interference in democratic processes, had shown increasing sophistication. By directly targeting GRU officers and affiliated networks, Britain aims to disrupt future operations and send a clear message of accountability.
Coordinated sanctions with global reach
In its latest announcement, Britain said three Russian GRU units โ 29155, 26165 and 74455 โ had targeted media outlets, telecoms providers, political and democratic institutions, and energy infrastructure in the United Kingdom and across Europe. Among these incidents were an Estonian government hack in 2020, a cyberattack on the German Bundestag in 2015, the hacking in 2016 of the U.S. Democratic National Committee and Democratic Congressional Campaign Committee, and cyberattacks on the Paris Olympics last year, Britain said.
The NCSC said a hacking group known as APT 28, part of GRU unit 26165, had developed “sophisticated malware” it dubbed “AUTHENTIC ANTICS” which tricks users of Microsoft cloud accounts into entering their credentials into a login window controlled by the hackers. The NCSC did not say who had been targeted by the malware. Representatives for Microsoft did not immediately respond to a request for comment.
The British foreign ministry also said Unit 26165 had conducted reconnaissance on the Mariupol Theatre in March 2022 ahead of air strikes that local officials said killed about 300 people. Russia denied deliberately targeting the theatre. In addition to the GRU-focused sanctions, the ministry said it was sanctioning three leaders of “African Initiative”, which it said was a Russian-funded social media content mill conducting information operations in West Africa.
UK strengthens security strategy
The African Initiative sanctions signal Londonโs growing focus on countering Russian influence beyond Europe. The group allegedly used disinformation campaigns to sway public opinion in regions where Western engagement is limited, further illustrating how Russiaโs cyber and informational operations extend far beyond conventional military zones. By targeting such networks, the UK hopes to limit the Kremlinโs ability to project soft power globally.
This tightening of sanctions and bolstering of defenses marks an important shift in UK security policy. The government is prioritizing resilience against hybrid warfare, combining diplomatic pressure, economic measures and advanced cybersecurity cooperation with allies. While Moscow continues to deny any wrongdoing, London is betting on a united international front to deter further aggression and safeguard critical democratic institutions.