Attribution of a pattern of malicious cyber activity to Russia

Today, the AustralianGovernment has joined international partners to condemn a pattern of maliciouscyber activity by Russia targeting political, business, media and sportinginstitutions worldwide.

Based on advice fromAustralian intelligence agencies, and in consultation with our partners andallies, the Australian Government has determined that the Russian military, andtheir intelligence arm 'the GRU', is responsible for this pattern of maliciouscyber activity.

While Australia was notsignificantly impacted, this activity affected the ability of the public inother parts of the world to go about their daily lives. It caused significant,indiscriminate harm to civilian infrastructure and resulted in millions ofdollars in economic damage, including in Russia.

This is unacceptable and theAustralian Government calls on all countries, including Russia, to refrain fromthese types of malicious activities.

Cyberspace is not the WildWest. The International Community – including Russia – has agreed that internationallaw and norms of responsible state behaviour apply in cyberspace.

By embarking on a pattern ofmalicious cyber behaviour, Russia has shown a total disregard for theagreements it helped to negotiate.

Australia's InternationalCyber Engagement Strategy recognises that there must be consequences for thosewho act contrary to the consensus on international law and norms.

A first step is to attributemalicious behaviour publicly – as we are doing today. Our message is clear: therule of law applies online, just as it does offline. We will protect therules-based international order online, just as we do offline.

Australia is working withallies and partners to improve cooperative global responses to malicious cyberactivity that undermines international security and global economic stability.At home, the Australian Government has invested in world-leading cyber securitysystems to help deter, detect and manage cyber incidents, together withdomestic and international partners.

The ACSC has issued updatedadvice on how to strengthen systems and harden defences. All Australianorganisations are strongly encouraged to review the ACSC's website at www.cyber.gov.au

Unacceptable malicious cyberactivity being attributed by Australia to the Russian Military

• In October 2017, BadRabbit ransomwareinfected victims in Ukraine and Russia interrupting businesses and criticalnational infrastructure, including energy and transport sectors.
• In August 2016, the Russian military releasedconfidential medical files relating to a number of international athletes. TheWorld Anti-Doping Agency has stated publically that this data came from a hackof its Anti-Doping Administration and management system.
• In 2016, the US Democratic National Committee(DNC) was hacked by the Russian Military and documents were subsequentlypublished online.
• Between July and August 2015, multiple emailaccounts belonging to a small UK-based TV station were accessed by the RussianMilitary and content stolen.