Attribution of a pattern of malicious cyber activity to Russia

Home » Media Centre » Attribution of a pattern of malicious cyber activity to Russia
Media release
04 Oct 2018
Prime Minister, Minister for Foreign Affairs

Today, the Australian Government has joined international partners to condemn a pattern of malicious cyber activity by Russia targeting political, business, media and sporting institutions worldwide.

Based on advice from Australian intelligence agencies, and in consultation with our partners and allies, the Australian Government has determined that the Russian military, and their intelligence arm ‘the GRU’, is responsible for this pattern of malicious cyber activity.

While Australia was not significantly impacted, this activity affected the ability of the public in other parts of the world to go about their daily lives. It caused significant, indiscriminate harm to civilian infrastructure and resulted in millions of dollars in economic damage, including in Russia.

This is unacceptable and the Australian Government calls on all countries, including Russia, to refrain from these types of malicious activities.

Cyberspace is not the Wild West. The International Community – including Russia – has agreed that international law and norms of responsible state behaviour apply in cyberspace. 

By embarking on a pattern of malicious cyber behaviour, Russia has shown a total disregard for the agreements it helped to negotiate.

Australia’s International Cyber Engagement Strategy recognises that there must be consequences for those who act contrary to the consensus on international law and norms.

A first step is to attribute malicious behaviour publicly – as we are doing today. Our message is clear: the rule of law applies online, just as it does offline. We will protect the rules-based international order online, just as we do offline.

Australia is working with allies and partners to improve cooperative global responses to malicious cyber activity that undermines international security and global economic stability. At home, the Australian Government has invested in world-leading cyber security systems to help deter, detect and manage cyber incidents, together with domestic and international partners.

The ACSC has issued updated advice on how to strengthen systems and harden defences. All Australian organisations are strongly encouraged to review the ACSC’s website at

Unacceptable malicious cyber activity being attributed by Australia to the Russian Military

  • In October 2017, BadRabbit ransomware infected victims in Ukraine and Russia interrupting businesses and critical national infrastructure, including energy and transport sectors. 
  • In August 2016, the Russian military released confidential medical files relating to a number of international athletes. The World Anti-Doping Agency has stated publically that this data came from a hack of its Anti-Doping Administration and management system.
  • In 2016, the US Democratic National Committee (DNC) was hacked by the Russian Military and documents were subsequently published online.
  • Between July and August 2015, multiple email accounts belonging to a small UK-based TV station were accessed by the Russian Military and content stolen.