Hours before the U.S. indictment was announced, Western nations accused the GRU of new cybercrimes, with Dutch and British officials labeling the intelligence agency "brazen" for allegedly targeting the international chemical weapons watchdog and the investigation into the 2014 downing of a Malaysian Airlines flight over eastern Ukraine.
The U.S. indictment said that the GRU targeted its victims because they had publicly supported a ban on Russian athletes in international sports competitions and because they had condemned Russia's state-sponsored athlete doping program.
Prosecutors said that the Russians also targeted a Pennsylvania-based nuclear energy company and an international organization that was investigating chemical weapons in Syria and the poisoning of a former GRU officer.
The indictment says the hacking was often conducted remotely. If that wasn't successful, the hackers would conduct "on-site" or "close access" hacking operations with trained GRU members traveling with sophisticated equipment to target their victims through Wi-Fi networks
The GRU's alleged hacking attempts on the Organization for the Prohibition of Chemical Weapons took place in April and were disrupted by authorities, Dutch Defense Minister Ank Bijleveld said. Four Russian intelligence officers were immediately expelled from the Netherlands, she said.
Speaking about Russia's hacking attempts into the MH17 crash investigation, she said: "We have been aware of the interest of Russian intelligence services in this investigation and have taken appropriate measures."
The cascade of condemnation — from the Australian, British and Dutch governments — does more than just point the finger at Moscow. It also ties together a series of norm-shattering spy operations that have straddled the physical world and the digital sphere.
The British ambassador to the Netherlands said that the men caught with spy gear outside The Hague-based OPCW, for example, were from the very same GRU section (Unit 26165) accused by American investigators of having broken into the Democratic National Committee's email and sowing havoc during the 2016 U.S. presidential election.
The OPCW, in turn, was investigating the poisoning of GRU defector Sergei Skripal in which the nerve agent Novichok was used, a bold operation that British authorities dissected in a minute-by-minute surveillance camera montage last month.
At the same time, Australian and British spies have now endorsed the American intelligence community's reported attribution of the catastrophic June 2017 cyberattack on Ukraine to the GRU. The malicious software outbreak briefly knocked out cash machines, gas stations, pharmacies and hospitals and, according to a secret White House assessment recently cited by Wired, dealt $10 billion worth of damage worldwide.
The hack and release of sports figures' medical data in 2016 and the downing of MH17 over eastern Ukraine in 2014 also allegedly carry the GRU's fingerprints. Dutch investigators said the snoopers nabbed outside the OPCW also appear to have logged into the Wi-Fi networks near the World Anti-Doping Agency and the Malaysian hotels where crash investigators had gathered.
Moscow has issued the latest in a series of denials, but the allegations leveled by Western intelligence agencies, supported by a wealth of surveillance footage and overwhelmingly confirmed by independent reporting, paint a picture of the GRU as an agency that routinely crosses red lines — and is increasingly being caught red-handed.
Moscow has denied the allegations, but Russia's interests were at stake in both cases: the OPCW was investigating reports that a Soviet-made nerve agent had been used against a Russian ex-spy in England, and Russia has been blamed by some for being involved in shooting down MH17.
The leaders of Britain and the Netherlands condemned the GRU for "reckless" activities and vowed to defend vital international agencies from Russian aggression. "This attempt, to access the secure systems of an international organization working to rid the world of chemical weapons, demonstrates again the GRU's disregard for the global values and rules that keep us all safe," British Prime Minister Theresa May and Dutch counterpart Mark Rutte said in a joint statement.
The coordinated actions by both countries came hours before an expected U.S. indictment involving Russian attempts to hack into computer systems. The Dutch and British blamed Russia's GRU for "brazen" activities across the globe and for trying to cover up Russia's alleged participation in the nerve agent poisoning in March of Skripal and his daughter, and the downing of MH17 over Ukraine that killing all 298 people on board during a period of intense fighting between Ukrainian government forces and pro-Russia rebels. Russia has consistently denied involvement in the events.
Britain's ambassador to the Netherlands, Peter Wilson, said the GRU would no longer be allowed to act with impunity. Britain blames the secretive military intelligence unit for the nerve agent attack in March on former Russian spy Skripal and his daughter, Yulia, in the English city of Salisbury.
He said Russia's actions against the Netherlands-based OPCW came as the agency was conducting an independent analysis of the nerve agent used against the Skripals. Britain says the nerve agent was Novichok, produced in the Soviet Union, a finding later confirmed by the chemical weapons watchdog.
Earlier, British Defense Secretary Gavin Williamson branded a series of global cyberattacks blamed on Russia as the reckless actions of a "pariah state," saying that the U.K. and its NATO allies would uncover such activities in the future.
"Where Russia acts in an indiscriminate and reckless way, where they have done in terms of these cyberattacks, we will be exposing them," Williamson told reporters in Brussels at talks with U.S. Defense Secretary Jim Mattis and their NATO counterparts.
Britain's National Cyber Security Center said Thursday that four new attacks are associated with the GRU as well as earlier security hacks. It cites attacks on the World Anti-Doping Agency, Ukrainian transport systems, the 2016 U.S. presidential race and others as very likely the work of the GRU.
"We are going to actually make it clear that where Russia acts, we are going to be exposing that action," Williamson said. "This is not the actions of a great power. This is the actions of a pariah state, and we will continue working with allies to isolate them; make them understand they cannot continue to conduct themselves in such a way," he said.
Earlier, Australian Prime Minister Scott Morrison and Foreign Minister Marise Payne issued a joint statement that Australian intelligence agencies agreed that GRU "is responsible for this pattern of malicious cyber activity." They said Australia wasn't significantly impacted, but the cyberattacks caused economic damage and disrupted civilian infrastructure in other places.
A previous version of this story was corrected to show the chemical weapons watchdog is an international organization, not a U.N. agency.
Gregory Katz and Raphael Satter reported from London. Raf Casert in Brussels, and Michael Balsamo and Eric Tucker in Washington, contributed to this report.