Russian spies have been accused of involvement in a series of cyber plots across the globe, leading the US to level charges against seven agents.
The US Justice Department said targets included the global chemical weapons watchdog, anti-doping agencies and a US nuclear company.
The allegations are part of an organised push-back against alleged Russian cyber attacks around the world.
Russia earlier dismissed the allegations as “Western spy mania”.
The US statement came after Dutch security services said they had expelled four Russians in April over the plot against the Organisation for the Prohibition of Chemical Weapons (OPCW).
The OPCW has been probing the chemical attack on a Russian ex-spy in the UK.
A joint statement from British Prime Minister Theresa May and her Dutch counterpart Mark Rutte said the alleged plot demonstrated “the GRU’s disregard for global values and rules that keep us all safe”.
What we know about Russian ‘OPCW plot’
The risks of cyber-conflict with Russia
Earlier, the UK government accused the GRU of being behind four high-profile cyber-attacks whose targets included firms in Russia and Ukraine; the US Democratic Party; and a small TV network in the UK.
Meanwhile, British Foreign Secretary Jeremy Hunt said the UK was discussing further sanctions against Russia with its allies.
Russia is yet to comment officially. However, its foreign ministry said one would follow shortly after it dismissed the allegations as “Western spy mania…. picking up pace”.
What were the suspects doing in the Netherlands?
The four suspects identified by Dutch officials had diplomatic passports and included two IT experts and two support agents, officials said.
They hired a car and parked it in the car park of the Marriot hotel in The Hague, which is next to the OPCW office, to hack into the OPCW’s wifi network, Major General Onno Eichelsheim from the Dutch MIVD intelligence service said.
The suspects were found to have specialist hacking equipment
Equipment in the car boot was pointed at the OPCW and was being used to intercept login details. The antenna for the operation lay under a jacket on the car’s rear shelf.
When the men were intercepted they tried to destroy one of the mobile phones they were carrying.
One of their mobile phones was found to have been activated near the GRU building in Moscow. Another carried a receipt for a taxi journey from a street near the GRU to the airport.
Maj Gen Eichelsheim said the group were planning to travel to Switzerland, to a laboratory in Spiez where the OPCW analysed samples.
They never made it. Instead, the four were immediately escorted out of the country, Maj Gen Eichelsheim said.
By security correspondent Gordon Correra
Counter-intelligence investigations – tracking another country’s spies – are normally among the most secret.
So this was a stunning press conference from Dutch intelligence revealing exactly how they caught four Russian intelligence officers, what they were carrying and what they intended to do.
It is part of a co-ordinated push with the UK and US to pile on the pressure on the GRU about its activities in the wake of the Salisbury poisoning.
The revelations also went way beyond just the targeting of the OPCW to provide an insight into the “close access hacking operations” by the GRU – in which they sent operatives abroad to get physically close enough to a target to intercept communications over wifi – as well as cyber activities coming out of Moscow.
Who are the suspects?
They were named by the MIVD as hackers Alexei Morenetz and Yevgeny Serebriakov, and support agents Oleg Sotnikov and Alexei Minin.
Officials said they were from the GRU’s Unit 26165, which has also been known as APT 28. The UK’s ambassador to the Netherlands, Peter Wilson, said the unit had “sent officers around the world to conduct brazen close access cyber operations” – which involve hacking into wifi networks.
What happened to the Skripals?
Russia ‘tried to hack Foreign Office’
He said the hackers were planning to travel on to the OPCW-certified laboratory in Spiez near Berne in Switzerland, where the Novichok nerve agent used in March’s attack on Sergei Skripal and his daughter in the British city of Salisbury was identified.
At the time the Russian operation was disrupted, the OPCW was investigating the Skripal case as well as an alleged chemical attack in April on the Syrian town of Douma near Damascus, the MIVD said. Russia has accused the UK of staging the incident.
“With its aggressive cyber campaigns, we see the GRU trying to clean up Russia’s own mess – be it the doping uncovered by Wada [the World Anti-Doping Agency] or the nerve agent identified by the OPCW,” Mr Wilson said.
What was on their computer?
A laptop seized from the suspects was found to have been used in Brazil, Switzerland and Malaysia.
In Malaysia it was used to target the investigation into the downing of Malaysia Airlines flight MH-17 over rebel-held territory in eastern Ukraine in 2014, killing all 298 people on board.
Russia ‘liable’ for downing MH17 airliner
The cyber operation targeted Malaysia’s attorney general’s office and Malaysian police, Ambassador Wilson said.
Earlier this year Dutch-led international investigators concluded that the missile belonged to a Russian brigade. Russia has denied any involvement in the plane’s destruction.
Data from the laptop showed it was also present in the Swiss city of Lausanne where it was linked to the hacking of a laptop belonging to Wada, which has exposed doping by Russian athletes.