British officials blamed Russia for last June’s massive “Petya” cyberattack, which crippled computer networks at multinational firms including FedEx Corp. , container-ship giant A.P. Moeller-Maersk A/S and pharmaceutical firm Merck & Co.
Ukraine, which bore the brunt of the attack, accused Russia at the time of orchestrating the attack. Wednesday’s allegations by London represented the first time a major Western government has pinned blame on Moscow for the incident.
The findings add to a litany of complaints by the West accusing Russia of cyber meddling, including U.S. allegations that Moscow influenced the 2016 U.S. presidential election. U.K. lawmakers also have raised questions about whether Russia tried to influence a 2016 referendum in which Britain voted to exit from the European Union. Russia has denied meddling in the U.S. and U.K. elections.
U.K. intelligence officials said late Wednesday that they concluded that Russia’s military was “almost certainly responsible” for the attack, according to a statement by Britain’s foreign office. It said it decided to publicly point the finger to show that the U.K. and its allies “will not tolerate malicious cyber activity.”
The U.K. didn’t provide specific evidence for its conclusion that Russia was to blame. The Russian embassy in Washington didn’t immediately respond to requests for comment late Wednesday.
The Petya computer “worm,” or malicious software, also known as NotPeyta, spread among corporate computer networks running Microsoft Corp.’s Windows systems. Similar to last May’s “WannaCry” worm, it locked computer files and demanded about $300 in digital currency from the unidentified attackers to unlock them.
Security experts said the worm appeared to stem from Ukrainian tax software.
Besides FedEx, Maersk and Merck, victims included French construction giant Saint-Gobain, British advertising firm WPP Group PLC and consumer-goods giants Mondelez International Inc. and Reckitt Benckiser Group PLC. FedEx said in September that the attack dented quarterly earnings by about $300 million, after Petya disrupted operations at Dutch subsidiary TNT Express.
Britain’s foreign office said the attack targeted Ukrainian financial, energy and government sectors, but that its “indiscriminate design” caused it to spread to other European and Russian businesses. British officials said the attack caused hundreds of millions of dollars of losses throughout Europe.
Britain has blamed Russia for meddling across U.K. media, telecommunications and energy sectors. The head of its National Cyber Security Centre, an arm of an intelligence agency, said in November that “Russia is seeking to undermine the international system.” In addition to British lawmakers calling for the government investigation into Moscow’s possible influence in the Brexit referendum, Facebook Inc. said last month that it would examine whether Russia attempted to use the social network to affect that vote.
In the U.S., top intelligence officials said Tuesday that the November midterm elections were vulnerable to the Russian interference that plagued the 2016 presidential race, especially through cyber means. The Justice Department had identified members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 campaign.
In December, the U.S. and U.K. blamed North Korea for the “WannaCry” cyberattack that affected England’s National Health Service and other large institutions. Britain’s foreign office said North Korea was trying to circumvent economic sanctions. North Korea has denied a role in the attack.