Russian Envoy To NATO Claims Alliance Has Crossed A Red Line
Target: UK Government & Private Sector
Attack Vector: Phishing Campaign
Threat Actor: APT28/29
Summary: Aleksandr Grushko, the Russian envoy to NATO, has stated that the increasing military build-up on Russia’s doorstep cannot be justified and the NATO alliance have crossed a line with recent activity. In a meeting on 3rd April 2018 of the Russian think-tank the “Valdai Discussion Club” Grushko claimed that Russia have never developed a military dimension with neighbouring states, even when in dispute with them and stated “Now, thanks to NATO, we have a military dimension, it was their choice, they crossed the red line.”
The statement comes at a time when the diplomatic relationship between Russia, the UK, and its NATO allies are at breaking point as a result of the March assassination attempt on Sergei Skripal. Recently, Russia have continued to vehemently deny any involvement in the suspected nerve agent attack and claim that the incident was a ‘false flag’ carried out by MI6 as a means of isolating Russia internationally. The situation has been further complicated by a statement from Porton Down scientists admitting they were unable to positively identify the chemical agent used against Skripal as having originated from Russia. This is certain to be seized on by Moscow as another means of undermining the UK government narrative.
Risk assessment summary: Given the ongoing tensions between Russia and the UK it continues to be assessed that a 2b HIGH threat exists to a broad spectrum of UK sectors. There are clear indicators that Russian state-sponsored actors are actively probing UK organisations in both the government and private sector. This reconnaissance type activity is a strong indicator of a clear intent to target these entities for subsequent cyber-attacks. Whilst it continues to be assessed that harvesting and weaponisation of data for use in influence operations remains the most likely scenario, disruptive, service affecting attacks cannot be ruled out.
The Grushko statement is of particular concern as this suggests Russia may place its forces into a more aggressive defence posture in response to what it sees as NATO expansion into its ‘near abroad’. This would almost certainly include increased ‘hybrid warfare’ activity from the cyber defence elements of the Russian military and intelligence agencies. Additionally, the combination of factors which have occurred during the past week, such as the Aeroflot search, the accusations against diplomats stationed in Canada, the expulsions of diplomats, the extradition of the hacker Nikulin and the Porton Down Novichok statement, are all likely promote an ‘under siege’ mentality in Moscow. Whilst the forthcoming World Cup may act as a restraining factor for any overt cyber-attacks, Moscow is likely to be preparing for subsequent retaliation against the West, commencing with the probing of potential targets. All previous recommendations and threat assessments remain valid and monitoring of the threat environment will continue in order to identify further actionable intelligence.