US authorities have charged seven Russian military intelligence officers for hacking the organisation investigating the poisoning of ex-spy Sergei Skripal and anti-doping agencies.
The announcement by the US Justice Department comes after the British and Dutch authorities disclosed they had thwarted an attempt by the GRU to hack the headquarters of the Organisation for the Prohibition of Chemical Weapons in The Hague.
Assistant attorney general for national security John Demers said the individuals indicted in the US include some of the four GRU officers named by the UK and the Netherlands.
Three defendants had already been charged in an indictment brought in July by the office of the Special Counsel relating to a conspiracy to interfere with the 2016 US presidential elections.
Mr Demers said it was part of a Russian campaign to pursue its interests through “disinformation operations aimed at muddying or altering perceptions of the truth”.
The indictment said the GRU had targeted the hacking victims because they had publicly supported a ban on Russian athletes in international sports competitions and because they had condemned Russia’s state-sponsored athlete doping programme.
Prosecutors said the Russians had also targeted a Pennsylvania-based nuclear energy company.
The indictment says the hacking was often conducted remotely. If that was not successful, the hackers would conduct “on-site” or “close access” hacking operations, with trained GRU members travelling with sophisticated equipment to target their victims through wifi networks.
Mr Demers acknowledged the defendants were all now in Russia, but warned they “should know that justice is patient and its reach is long and its memory is longer.”
Earlier foreign Secretary Jeremy Hunt warned Moscow could face further sanctions following the release of “hard evidence” that the GRU was behind a string of cyber attacks.
“We will also be discussing how we need - working with our friends and allies - to counter this pattern of cyber attacks, which is the new type of attack that the whole world is having to deal with.”
Defence officials in the Netherlands, where OPCW is based, said four Russians had been expelled after the alleged cyber strike.
They also accused one of those GRU officers escorted out of the Netherlands of targeting the Malaysian investigation into the shooting down of flight MH17 over Ukraine in 2014 when just under 300 people travelling from Amsterdam to Kuala Lumpur died.
Mr Hunt said the alleged OPCW hack would “put to rest” any doubts people may have about the Russian military involvement in the Salisbury attack.
“Here you have evidence of the Russian military launching a cyber attack on the very organisation, the international organisation in The Netherlands, set up to investigate those Novichok attacks,” he said.
“Why would you do that if you weren’t the guilty party? The reality is that this is a pattern of cyber attacks in the UK, the US, Malaysia, Switzerland and now the Netherlands.
“The Russian government needs to know that if they flout international law in this way, there will be consequences, they will be exposed, and people will see the Russian government for what they are; which is an organisation that is trying to foster instability throughout the world and that is totally unacceptable.”
According to the evidence released by the Dutch authorities, the team of four GRU officers travelling on official Russian passports entered the Netherlands on April 10.
On April 13 they parked a car carrying specialist hacking equipment outside the headquarters of the OPCW in The Hague.
At that point the Dutch counter-terrorism officers intervened to disrupt the operation and the four GRU officers were ordered to leave the country.
The “close access” hacking attempt followed an earlier failed “spearphishing attack” on the OPCW headquarters.
Investigators also uncovered evidence the team was planning to travel on to Switzerland where the OPCW - which was at the time investigating a suspected chemical weapons attack in Syria as well the Salisbury incident - has a laboratory.
The Dutch authorities released CCTV images of the four men arriving at Schiphol Airport as well photographs of their passports.
They were named in them as Alekski Morenets and Evgenii Serebriakov, said to be cyber operators, and Oleg Soktnikov and Alexey Minim, described as humint (human intelligence) support.
The attempt on the OPCW headquarters followed unsuccessful “spearphishing” attacks by the GRU on the Foreign Office and on the defence laboratories at Porton Down where samples from the Salisbury attack were investigated.
The OPCW has confirmed the toxic chemical that killed Dawn Sturgess in Amesbury was the same nerve agent as that which poisoned Mr Skripal and his daughter, Yulia, three months earlier.
UK authorities believe two Russians, using the aliases Alexander Petrov and Ruslan Boshirov, smeared the highly toxic Novichok chemical on a door handle at the Wiltshire home of Mr Skripal on March 4.
The attack left Mr Skripal and his daughter Yulia critically ill, and Ms Sturgess, 44, who was later exposed to the same nerve agent, died in July.
The National Cyber Security Centre (NCSC) said that a number of hackers known to have launched attacks have now been linked to the GRU.
Among targets of the GRU attacks were the World Anti-Doping Agency (Wada), transport systems in Ukraine and democratic elections, such as the 2016 US presidential race, according to the NCSC.
The NCSC said it was “almost certainly” the GRU behind a “BadRabbit” attack in October 2017 that caused disruption to the Kiev metro, Odessa airport and Russia’s central bank.