Breaking - Dutch intelligence (with help of British) disrupted a Russian GRU cyber operation targeting OPCW on April 13th. Four Russian intelligence officers escorted out of country.

MORE - Investigation of laptop of one of four Russian intelligence officers found it was also active in Brazil, Switzerland and Malaysia. In Malaysia it was used to target the investigation into MH-17 crash.

More details will come from a US DOJ indictment this afternoon, Dutch government says. Unusual to release details of a counterintelligence investigation, Dutch say, but its because want to send a clear message that Russia must stop these operations.

GRU was planning a ‘close access hacking operation' targeting the wifi-network of the OPCW

4 Russian individuals came to Netherlands on diplomatic passports in April. It became clear were GRU officers. Press conference being shown pictures of the men arriving at airport - all are being named. Two cyber operators had sequential passport numbers. Accompanied by 2 others

Intelligence supplied by UK helped show they were planning a close access hacking operation at the OPCW using a new technique. Found equipment in car boot used to intercept people's log-ins. Antenna was pointed at OPCW

When equipment was turned on there was a threat to OPCW and so arrested and deported. How can we be sure not on holiday, asks Dutch intelligence chief in a reference to the RT interview of the Salisbury duo? They carried multiple phones and tried to destroy one when arrested.

Men had specialist equipment. One of their cell phones activated in Moscow in April – near the GRU. One carried a taxi receipt for journey from street right by GRU to the international airport on 10 april.

Laptop data showed other trips. Present in Lausanne linked to hacking of a WADA conference laptop. Also present in Malaysia at hotel where those looking into MH-17 crash based. Also may have been intending to go to Switzerland after Netherlands - probably to Spiez lab.

Team deported were from GRU Unit 26165 – same as APT 28, says UK official. Another unit is sandworm - active remotely from Russia. It was active after Salisbury – In March it tried to compromise UK foreign office computer systems and in April targeted DSTL and OPCW

US DOJ will disclose charges this afternoon against Russian intelligence officers, says Dutch defence minister. Also Russian Ambassador has just been summoned to Dutch Ministry of Foreign Affairs to be told behaviour unacceptable

Just asked Dutch intelligence chief if target was Skripal investigation - he says it is impossible to be sure from technical evidence but it is the case they were trying to target the OPCW at the time it was investigating the Skripal case and the Douma case in Syria

One addition - intelligence from GRU laptop shows at a conference in Lausanne not just World Anti-Doping Agency hacked and then infected with APT 28 malware but also International Olympic Committee

FBI has a useful guide to how the GRU 'Close Access' kit found in the car in the Hague worked. Members of GRU Unit 26165 certainly got their air miles - Rio, Malaysia, Amsterdam, Switzerland.

You can follow @gordoncorera.

Share this thread

Bookmark

____

Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.



Enjoy Threader? Sign up.



Since you’re here...



... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.



Download Threader on iOS.