Press release

UK enforces new sanctions against Russia for cyber attack on German Parliament

UK Foreign Secretary Dominic Raab welcomes decisive action to hold perpetrators to account for Fancy Bear cyber attack in 2015.

This was published under the 2019 to 2022 Johnson Conservative government

The UK has announced it will enforce asset freezes and travel bans against two Russian GRU officers and the GRU’s military intelligence unit 26165 – codenamed APT28 and Fancy Bear – which were responsible for the 2015 cyber attacks on Germany’s Parliament.

Today’s sanctions have been made under the EU’s regime and form part of the UK’s ongoing partnership with its allies to send a message to Russia that there will be consequences for its malicious cyber activity. The sanctions come into force immediately. The attribution of this anti-democratic attack by Russia further exposes its pattern of malign behaviour intended to undermine international law and institutions.

The GRU is the main military intelligence wing of the Russian Armed Forces and its cyber units have been responsible for a number of cyber attacks in recent years including - as the UK and US revealed this week – unit 74455 committed an attack on the 2018 Winter and targeted the postponed 2020 Summer Olympic Games. The reckless cyber attacks by unit 26165 on Germany’s Parliament in 2015 targeted information systems, stole significant amounts of data and affected email accounts belonging to German MPs and the Vice Chancellor.

Foreign Secretary Dominic Raab said:

The UK stands shoulder to shoulder with Germany and our European partners to hold Russia to account for cyber attacks designed to undermine Western democracies. This criminal behaviour brings the Russian Government into further disrepute.

The UK was at the forefront of efforts to establish the EU Cyber Sanctions regime and will implement our own autonomous Cyber Sanctions regime at the end of the Transition Period. We are committed to working with our international partners to enforce responsible behaviours and promote international security and stability in cyberspace. The UK has laid the statutory instrument for our cyber sanctions regime, which will allow us to impose travel bans and asset freezes on individuals and organisations.

Background

Attack NCSC assessment
In August 2016, confidential medical files relating to a number of international athletes were released. WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system. NCSC assess with high confidence that the GRU was almost certainly responsible.
In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online. NCSC assess with high confidence that the GRU was almost certainly responsible.
Between July and August 2015 multiple email accounts belonging to a small UK-based TV station were accessed and content stolen. NCSC assess with high confidence that the GRU was almost certainly responsible.
In April and May 2015 the German federal parliament (Deutscher Bundestag) was attacked, during the attack a significant amount of data was stolen and the email accounts of several MPs as well as Chancellor Angela Merkel were affected. NCSC assess with high confidence that the GRU was almost certainly responsible.

Media enquiries

Email newsdesk@fcdo.gov.uk

Telephone 020 7008 3100

Contact the FCDO Communication Team via email (monitored 24 hours a day) in the first instance, and we will respond as soon as possible.

Updates to this page

Published 22 October 2020