Tag Archives: Cyber Attacks

Iran says U.S. cyber attacks failed, hints talks are possible

FILE PHOTO: Iranian President Hassan Rouhani delivers a speech at the Conference on Interaction and Confidence-Building Measures in Asia (CICA) in Dushanbe, Tajikistan June 15, 2019. REUTERS/Mukhtar Kholdorbekov/File Photo

By Stephen Kalin and Bozorgmehr Sharafedin

JEDDAH, Saudi Arabia/LONDON (Reuters) – Iran said on Monday U.S. cyber attacks on its military had failed, while also hinting that it could be willing to discuss new concessions with Washington if the United States were to lift sanctions and offer new incentives.

The longtime foes have come the closest in years to a direct military confrontation in the past week with the shooting down of a U.S. drone by Iran. U.S. President Donald Trump aborted a retaliatory strike just minutes before impact.

U.S. media have reported that the United States launched cyber attacks even as Trump called off the air strike. The Washington Post said on Saturday that the cyber strikes, which had been planned previously, had disabled Iranian rocket launch systems. U.S. officials have declined to comment.

“They try hard, but have not carried out a successful attack,” Mohammad Javad Azari Jahromi, Iran’s minister for information and communications technology, said on Twitter.

“Media asked if the claimed cyber attacks against Iran are true,” he said. “Last year we neutralized 33 million attacks with the (national) firewall.”

Allies of the United States have been calling for steps to defuse the crisis, saying they fear a small mistake on either side could trigger war.

“We are very concerned. We don’t think either side wants a war, but we are very concerned that we could get into an accidental war and we are doing everything we can to ratchet things down,” British Foreign Secretary Jeremy Hunt said.

U.S. Secretary of State Mike Pompeo jetted to the Middle East to discuss Iran with the leaders of Saudi Arabia and the United Arab Emirates, two Gulf Arab allies that favor a hard line. Pompeo met King Salman as well as the king’s son, de facto ruler Crown Prince Mohammed bin Salman.

The U.S. special representative for Iran, Brian Hook, visited Oman and was headed to Europe to explain U.S. policy to allies. He told European reporters on a phone call ahead of his arrival that Trump was willing to sit down with Iran, but Iran must do a deal before sanctions could be lifted.

CONCESSIONS

U.S.-Iran relations began to deteriorate last year when the United States abandoned a 2015 agreement between Iran and world powers designed to curb Iran’s nuclear program in return for the lifting of sanctions.

They got sharply worse last month when Trump tightened sanctions, ordering all countries to stop buying Iranian oil.

Recent weeks saw a military dimension to the confrontation, with the United States blaming Iran for attacks on vessels at sea, which Iran denies. Iran shot down the drone, saying it was in its air space, which Washington disputes. Washington also blames Iran for attacks by its Yemeni allies on Saudi targets.

Washington argues that the 2015 nuclear agreement known as the JCPOA, negotiated under Trump’s predecessor Barack Obama, did not go far enough, and that new sanctions are needed to force Iran back to the table to make more concessions.

Throughout the escalation, both sides have suggested they are willing to hold talks but the other side must move first. In the latest comment from Tehran, an adviser to President Hassan Rouhani repeated a longstanding demand that Washington lift sanctions in line with the deal.

But the adviser, Hesameddin Ashena, also tweeted a rare suggestion that Iran could be willing to discuss new concessions, if Washington were willing to put new incentives on the table that go beyond those in the deal.

“If they want something beyond the JCPOA, they should offer something beyond the JCPOA; with international guarantees.”

Iran’s foreign ministry spokesman, Abbas Mousavi, was quoted by ISNA news agency as saying on Monday Tehran did not “want a rise of tensions and its consequences”.

U.S. allies in Europe and Asia view Trump’s decision to abandon the nuclear deal as a mistake that strengthens hardliners in Iran and weakens the pragmatic faction of Rouhani.

Trump has suggested that he backed off the military strike against Iran in part because he was not sure the country’s top leadership had intended to shoot down the drone. However, an Iranian commander said Tehran was prepared to do it again.

“Everyone saw the downing of the unmanned drone,” navy commander Rear Admiral Hossein Khanzadi was quoted on Sunday as saying by the Tasnim news agency. “I can assure you that this firm response can be repeated, and the enemy knows it.”

(Reporting by Bozorgmehr Sharafedin in London and Stephen Kalin in Jeddah; Additional reporting by Robin Emmott in Brussels; Writing by Peter Graff; Editing by Jon Boyle)

U.S. initiative warns firms of hacking by China, other countries

FILE PHOTO: A Chinese flag flutters at Tiananmen Square in central Beijing, China June 8, 2018. REUTERS/Jason Lee

By Jonathan Landay

WASHINGTON (Reuters) – The Trump administration on Monday launched a drive to push U.S. firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

U.S. companies hit by recent attacks included Hewlett Packard Enterprise Co and International Business Machines Corp

The National Counter-Intelligence and Security Center, which coordinates counter-intelligence efforts within the U.S. government, launched the outreach campaign to address persistent concerns that many companies are not doing enough to guard against cyber theft.

The Center is worried about cyber attacks on U.S. government agencies and the private sector from China, Russia, North Korea and Iran.

“Top corporate executives and directors should know the intent of our adversaries and what they are trying to do economically to gain the upper hand,” William Evanina, a veteran FBI agent who oversees the center, said in an interview. “We are not saying don’t invest in China or with China, but know the risk.”

The drive targets trade associations across the United States and their members. Videos, brochures and online informational materials describe the threat posed by cyber espionage and other methods used by foreign intelligence services.

One brochure details methods hackers use to break into computer networks and how they create fake social media accounts to deceive people into revealing work or personal details. It outlines ways to protect information, such as researching apps before downloading them and updating anti-virus software.

The first parts of this administration outreach effort called,”Know the Risk, Raise Your Shield,” focused mainly on federal workers. The new phase follows a series of cases announced by the U.S. government against individuals and firms for allegedly stealing government secrets and proprietary information from U.S. companies for China’s benefit.

Nine cases announced since July 2018 included the unsealing last month of an indictment of two alleged hackers linked to China’s main spy agency on charges that they stole confidential government and corporate data. The pair allegedly belonged to a hacking ring known as APT 10.

Evanina said the new campaign also focuses on what he called Moscow’s aggressive, persistent attacks on computer networks of critical U.S. infrastructure, which includes power grids and communications, financial and transportation systems.

China and Russia have repeatedly denied conducting such attacks.

The most serious threats now facing companies, Evanina said, are efforts to plant malicious software in components purchased from suppliers or to substitute counterfeit parts for genuine products.

Companies need to take greater care to counter those efforts and in vetting new hires because of the growing danger of employing people acting for foreign powers, he said.

(Reporting by Jonathan Landay; Editing by David Gregorio)

Mystery hacker steals data on 1,000 North Korean defectors in South

FILE PHOTO: A North Korean flag flutters on top of a 160-metre tower in North Korea's propaganda village of Gijungdong, in this picture taken from the Tae Sung freedom village near the Military Demarcation Line (MDL), inside the demilitarised zone separating the two Koreas, in Paju, South Korea, April 24, 2018. REUTERS/Kim Hong-Ji

By Hyonhee Shin

SEOUL (Reuters) – The personal information of nearly 1,000 North Koreans who defected to South Korea has been leaked after unknown hackers got access to a resettlement agency’s database, the South Korean Unification Ministry said on Friday.

The ministry said it discovered last week that the names, birth dates and addresses of 997 defectors had been stolen through a computer infected with malicious software at an agency called the Hana center, in the southern city of Gumi.

“The malware was planted through emails sent by an internal address,” a ministry official told reporters on condition of anonymity, due to the sensitivity of the issue, referring to a Hana center email account.

The Hana center is among 25 institutes the ministry runs around the country to help some 32,000 defectors adjust to life in the richer, democratic South by providing jobs, medical and legal support.

Defectors, most of whom risked their lives to flee poverty and political oppression, are a source of shame for North Korea. Its state media often denounces them as “human scum” and accuses South Korean spies of kidnapping some of them.

The ministry official declined to say if North Korea was believed to have been behind the hack, or what the motive might have been, saying a police investigation was under way to determine who did it.

North Korean hackers have in the past been accused of cyber attacks on South Korean state agencies and businesses.

North Korea stole classified documents from the South’s defense ministry and a shipbuilder last year, while a cryptocurrency exchange filed for bankruptcy following a cyber attack linked to the North.

North Korean state media has denied those cyber attacks.

The latest data breach comes at a delicate time for the two Koreas which have been rapidly improving their relations after years of confrontation.

The Unification Ministry said it was notifying the affected defectors and there were no reports of any negative impact of the data breach.

“We’re sorry this has happened and will make efforts to prevent it from recurring,” the ministry official said.

Several defectors, including one who became a South Korean television celebrity, have disappeared in recent years only to turn up later in North Korean state media, criticizing South Korea and the fate of defectors.

(Reporting by Hyonhee Shin; Editing by Robert Birsel)

Chinese hacking against U.S. on the rise: U.S. intelligence official

A staff member sets up Chinese and U.S. flags for a meeting in Beijing, China April 27, 2018. REUTERS/Jason Lee

By Jim Finkle and Christopher Bing

NEW YORK (Reuters) – A senior U.S. intelligence official warned on Tuesday that Chinese cyber activity in the United States had risen in recent months, and the targeting of critical infrastructure in such operations suggested an attempt to lay the groundwork for future disruptive attacks.

”You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said in response to a question about Chinese hacking at a Wall Street Journal conference.

Joyce, a former White House cyber advisor for President Donald Trump, did not elaborate or provide an explanation of what he meant by critical infrastructure, a term the U.S. government uses to describe industries from energy and chemicals to financial services and manufacturing.

In the past, the U.S. government has openly blamed hackers from Iran, Russia or North Korea for disruptive cyberattacks against U.S. companies, but not China. Historically, Chinese hacking operations have been more covert and focused on espionage and intellectual property theft, according to charges filed by the Justice Department in recent years.

A spokesperson for Joyce said he was specifically referring to digital attacks against the U.S. energy, financial, transportation, and healthcare sectors in his speech on Tuesday.

The comments follow the arrest by Canadian authorities of Meng Wanzhou, chief financial officer of Chinese telecommunications giant Huawei Technologies, at the request of the United States on Dec. 1. Wanzhou was extradited and faces charges in the U.S. related to sanctions violations.

(Reporting by Jim Finkle and Christopher Bing; Editing by Bernadette Baum)

What is Russia’s GRU military intelligence agency?

A general view shows the headquarters of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, formerly known as the Main Intelligence Directorate (GRU), in Moscow, Russia October 4, 2018. REUTERS/Stringer

By Guy Faulconbridge

LONDON (Reuters) – The West has accused Russia’s military intelligence agency (GRU) of running what it described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

What is GRU and what does it do?

What is the GRU?

Russia’s military intelligence service is commonly known by the Russian acronym GRU, which stands for the Main Intelligence Directorate. Its name was formally changed in 2010 to the Main Directorate (or just GU) of the general staff, but its old acronym – GRU – is still more widely used.

Its published aims are the supply of military intelligence to the Russian president and government. Additional aims include ensuring Russia’s military, economic and technological security.

The GRU answers directly to the chief of the general staff, Valery Gerasimov, and the Russian defense minister, Sergei Shoigu, each of whom are thought to have access to Russia’s portable nuclear briefcase.

Russia’s two other main intelligence and security services were both created from the Soviet-era KGB: the Foreign Intelligence Service, or SVR, and the Federal Security Service, or FSB.

What are the GRU’s capabilities?

According to a Western assessment of GRU seen by Reuters, the GRU has a long-running program to run ‘illegal’ spies – those who work without diplomatic cover and who live under an assumed identity for years until orders from Moscow.

“It has a long-running program of ‘illegals’ reserved for the most sensitive or deniable tasks across the spectrum of GRU operations,” the assessment said.

The GRU is seen as a major Russian cyber player.

“It plays an increasingly important role in Russia’s development of Information Warfare (both defensive and offensive),” according to the Western assessment.

“It is an aggressive and well-funded organization which has the direct support of – and access to – [Russian President Vladimir] Putin, allowing freedom in its activities and leniency with regards to diplomatic and legislative scrutiny,” according to the assessment.

The GRU also has a considerable special forces unit. They are the elite of the Russian military.

“I don’t like rankings but the GRU is in the top levels of this business,” Onno Eichelsheim, director of the Netherlands Defence Intelligence and Security Service, told Reuters. “They are a very real threat.”

What are Western claims about GRU?

– The United States sanctioned GRU officers including its chief, Igor Korobov, for cyber attempts to interfere in the 2016 presidential election. Russia denied meddling in the election.

– Britain said two GRU officers attempted to murder former GRU double agent Sergei Skripal with Novichok. Russia denied any involvement.

– Britain said GRU was behind the BadRabbit attack of 2017, the hack of the Democratic National Committee in 2016, and attacks on the computer systems of both the Foreign Office and the Defence Science and Technology Laboratory in 2018. Russia said the accusations were fiction.

– The Netherlands said it caught four GRU cyberspies trying to hack into the Organization for the Prohibition of Chemical Weapons. It said the same group, known as unit 26165, had targeted the investigation into the downing of Malaysia Airlines flight MH-17.

– The United States charged seven GRU officers with plots to hack the World Anti-Doping Agency which had exposed a Russian doping program.

– GRU played a significant role in the 2014 annexation of Crimea, the conflict in Ukraine and the 2008 conflict with Georgia.

Note: The GRU does not have its own public web site and does not comment publicly on its actions. Its structure, staff numbers and financing are state secrets.

What is GRU’s history?

Russian spies trace their history back to at least the reign of Ivan the Terrible in the 16th Century, who established a feared espionage service.

The GRU was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Soviet state founder Vladimir Lenin insisted on its independence from other secret services, which saw it as a rival.

While the once mighty KGB was broken up during the 1991 collapse of the Soviet Union, the GRU remained intact.

GRU officers played a significant role in some of the key junctures of the Cold War and post-Soviet history – from the Cuban Missile crisis to Afghan war and the annexation of Crimea.

The public was given a rare chance to see parts of the GRU’s Moscow headquarters when Putin visited it in 2006. He was shown taking part in shooting practice.

(Editing by Richard Balmforth)

Britain says Russian military intelligence behind host of global cyber attacks

FILE PHOTO: Russian President Vladimir Putin and a masked security officer stand at a shooting gallery of the new GRU military intelligence headquarters building as he visits it in Moscow, Russia November 8, 2006.REUTERS/ITAR-TASS/PRESIDENTIAL PRESS SERVICE/File Photo

By Guy Faulconbridge and Anthony Deutsch

THE HAGUE (Reuters) – Britain accused Russian military intelligence on Thursday of directing a host of cyber attacks aimed at undermining Western democracies by sowing confusion in everything from the 2016 U.S. presidential election to the global chemical weapons watchdog.

In a British assessment based on work by its National Cyber Security Centre (NCSC), Russian military intelligence (GRU) was cast as a pernicious cyber aggressor which used a network of hackers to spread discord across the world.

GRU, Britain said, was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks of 2017, the hack of the Democratic National Committee (DNC) in 2016 and the theft of emails from a UK-based TV station in 2015.

The Netherlands said it had caught four GRU officers red-handed as they tried to hack into the Organization for the Prohibition of Chemical Weapons from a hotel next door in April.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries,” said British Foreign Secretary Jeremy Hunt.

“Our message is clear – together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability,” Hunt said. Britain believes the Russian government is responsible for the attacks.

Maria Zakharova, a spokeswoman for the Russian Ministry of Foreign Affairs, told a news briefing that the British accusations were the product of someone with a “rich imagination”.

“It’s some kind of a diabolical perfume cocktail (of allegations),” TASS quoted Zakharova as telling reporters.

Though less well known than the Soviet Union’s once mighty KGB, Russia’s military intelligence service played a major role in some of the biggest events of the past century, from the Cuban missile crisis to the annexation of Crimea.

RUSSIAN CYBER POWER?

Though commonly known by the acronym GRU, which stands for the Main Intelligence Directorate, its name was formally changed in 2010 to the Main Directorate of the General Staff (or just GU). Its old acronym – GRU – is still more widely used.

It has agents across the globe and answers directly to the chief of the general staff and the Russian defense minister. The GRU does not comment publicly on its actions. Its structure, staff numbers and financing are Russian state secrets.

The GRU traces its history back to the times of Ivan the Terrible, though it was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Vladimir Lenin insisted on its independence from other secret services.

British Prime Minister Theresa May has said GRU officers used a nerve agent to try to kill former double agent Sergei Skripal, who was found unconscious in the English city of Salisbury in March. Russia has repeatedly denied the charges.

After the Skripal poisoning, the West agreed with Britain’s assessment that Russian military intelligence was to blame and launched the biggest expulsion of Russian spies working under diplomatic cover since the height of the Cold War.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught with spying equipment at a hotel located next to the OPCW headquarters.

At the time, the OPCW was working to verify the identity of the substance used in the Salisbury attack. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

Russian President Vladimir Putin, himself a former KGB spy, said on Wednesday that Skripal, a GRU officer who betrayed dozens of agents to Britain’s MI6 foreign spy service, was a “scumbag” who had betrayed Russia.

Britain said the GRU was associated with a host of hackers including APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear and BlackEnergy Actors.

“This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Foreign Secretary Hunt said.

The United States sanctioned GRU officers including its chief, Igor Korobov, in 2016 and 2018 for attempted interference in the 2016 U.S. election and cyber attacks.

Australia and New Zealand backed the United Kingdom’s findings on the GRU.

“Cyberspace is not the Wild West. The International Community – including Russia – has agreed that international law and norms of responsible state behavior apply in cyberspace,” Australia’s Prime Minister Scott Morrison said.

“By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate,” Morrison said.

(Additional reporting by Stephanie van den Berg and Colin Packham; Editing by Stephen Addison)

U.S. warns again on hacks it blames on North Korea

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

(Reuters) – The U.S. government on Tuesday released an alert with technical details about a series of cyber attacks it blamed on the North Korean government that stretch back to at least 2009.

The warning is the latest from the Department of Homeland Security and the Federal Bureau of Investigation about hacks that the United States charges were launched by the North Korean government.

A representative with Pyongyang’s mission to the United Nations declined comment. North Korea has routinely denied involvement in cyber attacks against other countries.

The report was published as U.S. and North Korean negotiators work to resuscitate plans for a possible June 12 summit between leaders of the two nations. The FBI and DHS released a similar report in June 2017, when relations were tense between Washington and Pyongyang due to North Korea’s missile tests.

The U.S. government uses the nickname “Hidden Cobra” to describe cyber operations by the North Korean government, which it says target the media, aerospace and financial sectors and critical infrastructure in the United States and around the globe.

Tuesday’s report did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for a 2014 cyber attack on Sony Pictures Entertainment.

The alert provided a list of 87 IP addresses, four malicious files and two email addresses it said were associated with “Hidden Cobra.”

Last year’s alert was published on the same day that North Korea released American university student Otto Warmbier, who died days after his return to the United States following 17 months of captivity by Pyongyang

(Reporting by Jim Finkle in Toronto; Additional reporting by Rodrigo Campos in New York; Editing by Leslie Adler)

Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at least year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)

U.S., Britain blame Russia for global cyber attack

A man poses inside a server room at an IT company in this June 19, 2017 illustration photo. REUTERS/Athit Perawongmetha/Illustration

By Jim Finkle and Doina Chiacu

(Reuters) – The United States and Britain on Monday accused Russia of launching cyber attacks on computer routers, firewalls and other networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.

Washington and London issued a joint alert saying the campaign by Russian government-backed hackers was intended to advance spying, intellectual property theft and other “malicious” activities and could be escalated to launch offensive attacks.

It followed a series of warnings by Western governments that Moscow is behind a string of cyber attacks. The United States, Britain and other nations in February accused Russia of releasing the “NotPetya” virus, which in 2017 crippled parts of Ukraine’s infrastructure and damaged computers across the globe, costing companies billions of dollars.

The Kremlin did not immediately respond to a request for comment. But Russia’s embassy in London issued a statement citing British accusations of cyber threats from Moscow as “striking examples of a reckless, provocative and unfounded policy against Russia.”

Moscow has denied previous accusations that it carried out cyber attacks on the United States and other countries.

U.S. intelligence agencies last year accused Russia of interfering in the 2016 election with a hacking and propaganda campaign supporting Donald Trump’s campaign for president. Last month the Trump administration blamed Russia for a campaign of cyber attacks that targeted the U.S. power grid.

American and British officials said that the attacks disclosed on Monday affected a wide range of organizations including internet service providers, private businesses and critical infrastructure providers. They did not identify victims or provide details on the impact of the attacks.

“When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back,” said Rob Joyce, the White House cyber security coordinator.

Relations between Russia and Britain were already on edge after Prime Minister Theresa May blamed Moscow for the March 4 nerve agent poisoning of former Russian spy Sergei Skripal and his daughter Yulia in the city of Salisbury.

“This is yet another example of Russia’s disregard for international norms and global order – this time through a campaign of cyber espionage and aggression, which attempts to disrupt governments and destabilize business,” a British government spokesman said in London.

Britain and the United States said they issued the new alert to help targets protect themselves and persuade victims to share information with government investigators so they can better understand the threat.

“We don’t have full insight into the scope of the compromise,” said U.S. Department of Homeland Security cyber security official Jeanette Manfra.

The alert is not related to the suspected chemical weapons attack in a town in Syria that prompted a U.S.-led military strike over the weekend targeting facilities of the Russian-backed Syrian government, Joyce said.

Shortly after the announcement, the White House said Joyce would leave his post and return to the U.S. National Security Agency.

U.S. and British officials warned that infected routers could be used to launch future offensive cyber operations.

“They could be pre-positioning for use in times of tension,” said Ciaran Martin, chief executive of the British government’s National Cyber Security Centre cyber defense agency, who added that “millions of machines” were targeted.

(Reporting by Jim Finkle and Doina Chiacu; Additional reporting by Estelle Shirbon in London, John Walcott and Makini Brice in Washington and Jack Stubbs and Maxim Rodionov in Moscow; Writing by Will Dunham; Editing by James Dalgleish)

After nerve agent attack, NATO sees pattern of Russian interference

NATO Secretary-General Jens Stoltenberg addresses a news conference at the Alliance headquarters in Brussels, Belgium, March 15, 2018. REUTERS/Yves Herma

By Robin Emmott

BRUSSELS (Reuters) – NATO accused Russia on Thursday of trying to destabilize the West with new nuclear weapons, cyber attacks and covert action, including the poisoning of a Russian former double agent in Britain, that blurred the line between peace and war.

NATO Secretary-General Jens Stoltenberg told reporters the use of the Novichok nerve agent against Sergei Skripal and his daughter “happened against a backdrop of a reckless pattern of Russian behavior over many years”.

Russia denies any involvement and says it is the U.S.-led Atlantic alliance that is a risk to peace in Europe.

Stoltenberg, who will meet British Foreign Secretary Boris Johnson on Monday in Brussels, said Russia was mixing nuclear and conventional weapons in military doctrine and exercises, which lowered the threshold for launching nuclear attacks, and increasingly deploying “hybrid tactics” such as soldiers without insignia.

Stoltenberg listed Russia’s 2014 annexation of Crimea, its direct support for separatists in Ukraine, its military presence in Moldova and Georgia, meddling in Western elections and its involvement in the war in Syria as evidence of Russia’s threat.

He cited the development of new nuclear weapons, which President Vladimir Putin unveiled in a bellicose speech on March 1, as another worrying development.

“BLURRING THE LINE”

He also accused Moscow of a “blurring of the line between peace, crisis and war”, which he said was “destabilizing and dangerous”.

Britain’s ambassador to the alliance briefed NATO envoys in the North Atlantic Council on Wednesday, and Stoltenberg said Britain’s National Security Adviser Mark Sedwill would address the Council later on Thursday.

While Stoltenberg stressed there had been no request from London to activate the Western military alliance’s mutual defense clause, he said Russia must be deterred.

“The UK will respond and is responding in a proportionate and measured way … I fully support there is a need for a response, because there must be consequences when we see actions like those in Salisbury,” he said.

NATO has deployed significant ground forces to the Baltic countries and Poland to dissuade Russia from repeating any Crimea-like seizures. But Stoltenberg said there was little for NATO as an alliance to do immediately in response to the nerve agent attack, beyond giving Britain strong political support.

(Reporting by Robin Emmott; editing by Philip Blenkinsop and Kevin Liffey)