Well, it’s kind of extraordinary, isn’t it?
So, for one thing, they have now named APT29, again, an actor that was very familiar to those of us who were paying attention to the 2016 election interference campaign, because they had also hacked into DNC computer systems. They didn’t get quite as much attention by the media, though, because they weren’t the ones that leaked that information to WikiLeaks, right? That was the GRU, Russia’s military intelligence service.
But, today, the U.S. government also asserts that APT29, also known as Cozy Bear, is an arm of the SVR, which is to say, Russia’s foreign civilian intelligence service. These are the actors who did the so-called SolarWinds hack, right, a massive data breach, which affected not only private companies in the United States, but also U.S. government institutions.
And what we’re seeing now in terms of the tradecraft of cyber-operations between the GRU, Russia’s military intelligence service, and the SVR, their civilian foreign service, is one of a degree of public impact, you might say.
The SVR likes to do data collection. It likes to exfiltrate information for internal Russian use. THE GRU steal stuff, and then it disseminates it or tries to even shut down digital infrastructure. The GRU was responsible, for instance, for the NotPetya malware attack, which, for a period about 48 hours, almost crippled global commerce several years ago.
They also hacked into the Olympics a few years ago. Again, the U.S. government has now certified what a lot of cybersecurity analysts have been saying for many, many years, but couldn’t themselves prove.
So this is actually a major, major set of revelations by the U.S. government. And, as Angela said, I mean, it depends on who you’re asking. Do sanctions actually prove the case, with a sufficient body of evidence? Well, in terms of being a journalist and reporting on these issues, it certainly makes our job a lot easier to make allegations and assertions that we otherwise could only speculate at just a few hours ago.