The GRU is said to have conducted cyber reconnaissance against organisers, logistics services and sponsors with the intent of compromising computer systems and sabotaging the running of the Games.
The Foreign, Commonwealth and Development Office (FCDO) and National Cyber Security Centre (NCSC) said the activity was the latest incident in a string of cyber attacks on the Olympic and Paralympic Games, which previously saw the GRU target the 2018 Winter Olympic and Paralympic Games in Pyeongchang, South Korea.
Last year, Russia was handed a four-year ban from all major global sporting events, including the Olympics, by the World Anti-Doping Agency for manipulating athletes’ doping data, a decision which Russia has appealed against.
Foreign secretary Dominic Raab condemned the actions of the Russian hackers carrying out the attacks.
“The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless,” he said.
“We condemn them in the strongest possible terms.
“The UK will continue to work with our allies to call out and counter future malicious cyber attacks.”
As well as the attacks on the Tokyo Games, which have now been postponed to 2021 because of the coronavirus pandemic, the Government said it had also uncovered new details on the Russian cyber attacks on the 2018 Pyeongchang Games.
The NCSC said the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the Winter Games.
The cyber agency said the GRU used data-deletion malware in those attacks with the intention of sabotaging the running of both the Winter Olympic and Paralympic Games, as the malware was designed to wipe information from computers and to disable them.
The NCSC said administrators had worked to isolate the malware and replace affected computers, which had prevented any potential disruption.
The Government said the GRU unit behind the attacks on the Olympics is the same one which targeted Ukraine’s electricity grid in 2015, and was behind the NotPetya cyber attack of 2017 which hit Ukrainian financial, energy, and government sectors as well as other European businesses.
The unit is known as the Main Centre for Special Technologies (GTsST), as well as by its field post number 74455 and a number of other names online, including Sandworm and VoodooBear.
The NCSC said the same unit is also responsible for an attack on the UK Foreign Office’s computer systems in March 2018, and another targeting the Defence and Science Technology Laboratory (DSTL) in April of the same year, which at the time was investigating the Salisbury Novichok poisoning.