“We continue to see a sustained pattern of malicious cyber behaviour by the Russian state, and by cyber criminals allowed to operate from Russian territory with impunity, against the UK and our friends and partners.
“This pattern of malicious cyber behaviour includes a long-running campaign of hostile and destabilising activity against Ukraine, the tempo of which increased significantly in the run up to and immediately following Russia’s illegal invasion on 24 February 2022.
“Together with partners, we have exposed multiple instances of malicious cyber activity by Russia, including the deployment of malware against the Ukrainian banking sector on 15 and 16 February 2022, and an attack on a communications company on the 24 February that caused outages for several thousand Ukrainian customers, with tens of thousands of terminals damaged, rendered inoperable and irreparable.
“In addition to harming their intended targets, these incidents have had wider destabilising consequences – affecting ordinary people and businesses across the OSCE region. For example, the 24 February attack affected windfarms in one country and internet users across Europe.
The Kremlin continues to use information operations to undermine Ukrainian sovereignty, create false pretexts and obscure the truth. It regularly uses propaganda and disinformation to sustain its support base, attack rivals, and erode international support for Ukraine. Georgia and Moldova are among the states suffering on the frontline from these underhand tactics.
Threat to the UK
“Even before it launched its illegal invasion of Ukraine, we judged Russia posed a significant, enduring, and direct cyber threat to the UK.
“Our National Cyber Security Centre has confirmed that Russian cyber actors have conducted a malign programme of activity in recent years, including attempted interference against our media, telecommunications, and energy infrastructure.
“This threat has not changed significantly since the start of its invasion, but Russia’s risk appetite has grown significantly.
UK response
“As was made clear by our recent Integrated Review Refresh, the UK is working with our partners to meet these challenges head on and to hold the perpetrators to account.
“We have publicly attributed malicious cyber activity to Russia where we have had compelling evidence to do so and it was in our national interest. I have already given some examples, related to Ukraine, but there are others. For example, in April 2021 we attributed the SolarWinds compromise to Russia’s foreign intelligence agency, the SVR. This forms part of a pattern of behaviour ongoing since 2011, predominantly aimed at overseas governmental, diplomatic, think-tank, healthcare and energy targets for intelligence purposes.
“We have also used our cyber sanctions regime to impose a direct cost on those responsible for malicious cyber activity. For example, together with partners we have imposed asset freezes and travel bans against members of Russia’s military intelligence agency, the GRU’s, destructive cyber unit. As outlined in our National Cyber Strategy, the UK will continue to strengthen our cyber resilience.
“And importantly, we also will continue to support our partners to build their own resilience.”
