NCSC Says GRU Operatives Attacked 2018 and 2020 Olympic and Paralympic Games


The National Cyber Security Centre (NCSC) says that operatives of Russia’s GRU military intelligence service performed cyber reconnaissance directed at the 2020 Olympic and Paralympic Games, which had been scheduled to take place this summer.

The COVID-19 pandemic changed the 2020 Olympic and Paralympic Games organizers’ plans, which postponed the event. The NCSC believes that GRU’s Main Centre for Specialist Technologies (GTsST) group, also known under Sandworm and VoodooBear, is responsible for the attack.

The statement from the NCSC came immediately after the US Department of Justice announced criminal charges against Russian military intelligence officers, responsible for some of the most destructive and costly cyber-attacks in history.

“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless,” said UK’s Foreign Secretary Dominic Raab. “We condemn them in the strongest possible terms. The UK will continue to work with our allies to call out and counter future malicious cyber attacks,” he concluded.

The modus operandi of the same threat actors in 2018 was different, as they tried to pose as Chinese or North Korean hackers. NCSC assess with certainty that these are the same hackers as those targeting the current edition. The attackers intended to deploy malware capable of wiping data and disable computers and networks.

The reason for the attacks is not difficult to guess, as Russia was banned from competing in the 2018 Winter Olympics in PyeongChang and the 2020 Summer Games in Tokyo. Russian authorities manipulated the data submitted to the World Anti-Doping Agency (WADA), in an attempt to protect athletes caught doping.

Unfortunately, all of the threat actors indicted by the US Department of Justice and named by NCSC are outside of their jurisdiction, which means they will likely continue their attacks.