(L/R): Head of Dutch Military Intelligence and Security Service Onno Eichelsheim, Minister of Defence Ank Bijleveld and British ambassador Peter Wilson attend a press conference of the Dutch Military Intelligence and Security Service (MIVD) at The Hague, The Netherlands, on October 4, 2018. - Dutch intelligence thwarted a Russian cyber attack targeting the global chemical weapons watchdog in April and expelled four Russian agents, the government said. The Russians set up a car full of electronic equipment in the car park of a hotel next to the Organisation for the Prohibition for Chemical Weapons in The Hague in a bid to hack its computer system, it said. (Photo by Bart Maat / ANP / AFP) / Netherlands OUT        (Photo credit should read BART MAAT/AFP/Getty Images)
BART MAAT/AFP/Getty Images
(L/R): Head of Dutch Military Intelligence and Security Service Onno Eichelsheim, Minister of Defence Ank Bijleveld and British ambassador Peter Wilson attend a press conference of the Dutch Military Intelligence and Security Service (MIVD) at The Hague, The Netherlands, on October 4, 2018. - Dutch intelligence thwarted a Russian cyber attack targeting the global chemical weapons watchdog in April and expelled four Russian agents, the government said. The Russians set up a car full of electronic equipment in the car park of a hotel next to the Organisation for the Prohibition for Chemical Weapons in The Hague in a bid to hack its computer system, it said. (Photo by Bart Maat / ANP / AFP) / Netherlands OUT (Photo credit should read BART MAAT/AFP/Getty Images)
Now playing
01:11
Russia denies western accusations of attacks
putin response russian spy lon orig bks_00003009.jpg
BBC
putin response russian spy lon orig bks_00003009.jpg
Now playing
01:30
Reporter confronts Putin about spy poisoning
The UK will expel 23 Russian diplomats from the country after concluding that the Russian state is responsible for the attempted murder of former Russian agent, Sergei Skripal and his daughter Yulia in Salisbury on March 4th.  They will have one week to leave.   "For those who seek to do us harm, my message is simple. You are not welcome here."
Bowtie TV
The UK will expel 23 Russian diplomats from the country after concluding that the Russian state is responsible for the attempted murder of former Russian agent, Sergei Skripal and his daughter Yulia in Salisbury on March 4th. They will have one week to leave. "For those who seek to do us harm, my message is simple. You are not welcome here."
Now playing
01:08
Theresa May: UK will expel 23 Russian diplomats
A Russian flag flies next to the US embassy building in Moscow on July 31, 2017. (MLADEN ANTONOV/AFP/Getty Images)
MLADEN ANTONOV/AFP/Getty Images
A Russian flag flies next to the US embassy building in Moscow on July 31, 2017. (MLADEN ANTONOV/AFP/Getty Images)
Now playing
01:04
Suspected Russian spy worked inside US embassy
 Steven Seagal (R) delivers a press conference with Costa Rican President, Oscar Arias (out of frame), on February 11, 2009, at the presidential residence in San Jose. Seagal and Arias met to talk about the possibility of real estate and film industry investments in Costa Rica. AFP PHOTO/ Mayela LOPEZ (Photo credit should read MAYELA LOPEZ/AFP/Getty Images)
MAYELA LOPEZ/AFP/Getty Images
Steven Seagal (R) delivers a press conference with Costa Rican President, Oscar Arias (out of frame), on February 11, 2009, at the presidential residence in San Jose. Seagal and Arias met to talk about the possibility of real estate and film industry investments in Costa Rica. AFP PHOTO/ Mayela LOPEZ (Photo credit should read MAYELA LOPEZ/AFP/Getty Images)
Now playing
02:30
Putin appoints Steven Seagal for diplomat job
russia new nuclear weapons putin chance lkl vpx _00002715.jpg
Russian Defense Ministry
russia new nuclear weapons putin chance lkl vpx _00002715.jpg
Now playing
01:09
Russia releases video of new nuclear weapons
SALISBURY, ENGLAND - JULY 05:  A police officer stands by a cordon in place at Queen Elizabeth Gardens in Salisbury after a major incident was declared when a man and woman were exposed to the Novichok nerve agent on July 5, 2018 in Salisbury, England. The couple, named locally as Dawn Sturgess 44, and Charlie Rowley, 45 were taken to Salisbury District Hospital on Saturday and remain there in a critical condition. In March Russian former spy Sergei Skripal and his 33-year-old daughter Yulia were poisoned with the Russian-made Novichok in the town of Salisbury. British Prime Minister Theresa May has accused Russia of being behind the attack on the former spy and his daughter, expelling 23 Russian diplomats in retaliation. (Photo by Jack Taylor/Getty Images)
Jack Taylor/Getty Images
SALISBURY, ENGLAND - JULY 05: A police officer stands by a cordon in place at Queen Elizabeth Gardens in Salisbury after a major incident was declared when a man and woman were exposed to the Novichok nerve agent on July 5, 2018 in Salisbury, England. The couple, named locally as Dawn Sturgess 44, and Charlie Rowley, 45 were taken to Salisbury District Hospital on Saturday and remain there in a critical condition. In March Russian former spy Sergei Skripal and his 33-year-old daughter Yulia were poisoned with the Russian-made Novichok in the town of Salisbury. British Prime Minister Theresa May has accused Russia of being behind the attack on the former spy and his daughter, expelling 23 Russian diplomats in retaliation. (Photo by Jack Taylor/Getty Images)
Now playing
02:02
Russia denies involvement in poisoning attacks
Reuters
Now playing
00:54
May: Nerve agent poisoning deeply disturbing
 A CNN team accessed the Malaysia Airlines flight 17 (MH17) crash site, July 30, 2014 and found evidence that there are still belongings at the site, including pieces of the plane .
Raja Razek/CNN
A CNN team accessed the Malaysia Airlines flight 17 (MH17) crash site, July 30, 2014 and found evidence that there are still belongings at the site, including pieces of the plane .
Now playing
00:49
Investigators: MH17 downed by Russian missile
Yulia Skripal poses for the media during an interview in n London, Wednesday May 23, 2018. Yulia Skripal says recovery has been slow and painful, in first interview since nerve agent poisoning. (Dylan Martinez/Pool via AP)
Dylan Martinez/AP
Yulia Skripal poses for the media during an interview in n London, Wednesday May 23, 2018. Yulia Skripal says recovery has been slow and painful, in first interview since nerve agent poisoning. (Dylan Martinez/Pool via AP)
Now playing
02:34
Daughter of poisoned ex-spy: Lucky to be alive
GOOGLE EARTH
Now playing
01:28
Russia blames Israel for strikes on Syria
CNN PHOTO ILLUSTRATION/GETTY IMAGES
Now playing
02:36
Why Hungary is looking more and more like Russia
A Russian flag flies next to the US embassy building in Moscow on March 27, 2018. (MLADEN ANTONOV/AFP/Getty Images)
MLADEN ANTONOV/AFP/Getty Images
A Russian flag flies next to the US embassy building in Moscow on March 27, 2018. (MLADEN ANTONOV/AFP/Getty Images)
Now playing
02:26
Russia retaliates, expels 60 US diplomats
Presidential candidate, President Vladimir Putin addresses the crowd during a rally and a concert celebrating the fourth anniversary of Russia's annexation of Crimea at Manezhnaya Square in Moscow on March 18, 2018. / AFP PHOTO / POOL / Alexander Zemlianichenko        (Photo credit should read ALEXANDER ZEMLIANICHENKO/AFP/Getty Images)
ALEXANDER ZEMLIANICHENKO/AFP/AFP/Getty Images
Presidential candidate, President Vladimir Putin addresses the crowd during a rally and a concert celebrating the fourth anniversary of Russia's annexation of Crimea at Manezhnaya Square in Moscow on March 18, 2018. / AFP PHOTO / POOL / Alexander Zemlianichenko (Photo credit should read ALEXANDER ZEMLIANICHENKO/AFP/Getty Images)
Now playing
01:35
Russia votes: How the day unfolded
Russian President Vladimir Putin delivers a speech during a meeting with Russian athletes and team members, who will take part in the upcoming 2018 Pyeongchang Winter Olympic Games, at the Novo-Ogaryovo state residence outside Moscow on January 31, 2018. / AFP PHOTO / SPUTNIK / Alexey NIKOLSKYALEXEY NIKOLSKY/AFP/Getty Images
ALEXEY NIKOLSKY/AFP/AFP/Getty Images
Russian President Vladimir Putin delivers a speech during a meeting with Russian athletes and team members, who will take part in the upcoming 2018 Pyeongchang Winter Olympic Games, at the Novo-Ogaryovo state residence outside Moscow on January 31, 2018. / AFP PHOTO / SPUTNIK / Alexey NIKOLSKYALEXEY NIKOLSKY/AFP/Getty Images
Now playing
03:47
How do you become president of Russia?
(CNN) —  

Western governments mounted an unprecedented and coordinated fightback Thursday against “brazen” attempts by Russia to meddle in international affairs, publicly unmasking alleged intelligence agents and blaming Moscow for a series of audacious cyberattacks.

The Dutch government accused Russia’s military intelligence agency, the GRU, of targeting the world’s chemical weapons watchdog, the Organisation for the Prohibition of Chemical Weapons (OPCW), through a foiled cyber operation.

Hours earlier, Britain, backed by close intelligence allies Australia and New Zealand, pointed the finger at the GRU for carrying out a worldwide campaign of “malicious” cyberattacks, including the hacking of the US Democratic National Committee in 2016.

The US Justice Department, meanwhile, announced criminal charges against seven Russian intelligence officers, accusing them in a sprawling indictment of hacking, wire fraud, identity theft and money laundering as part of an effort to distract from Russia’s state-sponsored sports doping program.

Four of the names given in the US indictment match those given by Dutch authorities in connection with the alleged plot against the OPCW.

The choreographed announcements by Western allies amounted to a significant escalation of tensions with Moscow.

“The GRU has interfered in free elections and pursued a hostile campaign of cyberattacks,” said Peter Wilson, the British ambassador to the Netherlands. “It is an aggressive, well-funded body of the Russian state. It can no longer be allowed to act across the world… with apparent immunity.”

Russia must know there is “a red line” and that “if they try to intervene in the democratic processes of other countries, they will be exposed and there will be consequences,” UK Foreign Secretary Jeremy Hunt said.

NATO Secretary General Jens Stoltenberg said its members “stand in solidarity with the decision by the Dutch and British governments to call out Russia on its blatant attempts to undermine international law and institutions,” and that the alliance would continue to strengthen its defenses against cyber threats.

The Dutch operation

Dutch authorities named four alleged Russian agents.
Dutch Ministry of Defense
Dutch authorities named four alleged Russian agents.

Dutch officials gave unprecedented details as they outlined the alleged Russian operation at a joint Dutch-UK government news conference in The Hague.

Describing it as “very worrying,” Bijleveld-Schouten said four Russian military intelligence officers were expelled on April 13, the same day the plot targeting the OPCW was detected.

They left belongings behind, she said, that also enabled the Dutch to discover that one of the agents’ laptops had made connections to Brazil, Switzerland and Malaysia, trying to interfere with the investigation into the downing of Malaysia Airlines Flight 17 in eastern Ukraine in 2014.

The head of Dutch counterintelligence, Maj. Gen. Onno Eichelsheim, named the four alleged Russian officers as Aleksei Morenets and Evgenii Serebriakov – who had consecutive passport numbers, he said – Oleg Sotnikov and Alexey Minin.

Dutch officials annotated a photo of the trunk of a car they say was used by Russian spies.
Dutch Ministry of Defense
Dutch officials annotated a photo of the trunk of a car they say was used by Russian spies.

The alleged agents were traveling on diplomatic passports, Eichelsheim said. One of them, Morenets, “had a taxi receipt on him … from the location Nesvizkhskiy Pereulok to the airport in Moscow,” he said. “That’s the road that borders … the GRU.”

Russia’s embassy in the UK dismissed Britain’s claims that Moscow was behind a string of global cyberattacks as “crude disinformation” aimed at confusing public opinion.

“This statement is reckless. It has become a tradition for such claims to lack any evidence. It is yet another element of the anti-Russian campaign by the UK government,” it said in a statement.

“By the way, it is hardly a coincidence that these accusations appear exactly at the time of NATO defense ministers meeting in Brussels and announcements of creating special cyber attack military units in several Western countries.”

’Aware of security’

Addressing reporters, Eichelsheim, the Dutch counterintelligence head, gave a detailed description of what the four alleged GRU officers were doing when their operation was disrupted.

The four agents arrived in the Netherlands on April 10, rented a car the following day, and parked it in a hotel parking lot as close as possible to the OPCW headquarters in The Hague, Eichelsheim said.

“They were doing some exploration work for a close-access hack operation,” he said.

“We know for sure they were not on holiday in the Netherlands. They had numerous telephones on them, different sizes, different makes. They had quite a few on them personally,” he said. “Morenets tried to destroy the phone, or at least break the phone, when the operation was destroyed … he did not succeed completely.”

Dutch officials said Morenets had tried to break a smartphone he was carrying.
Dutch Ministry of Defense
Dutch officials said Morenets had tried to break a smartphone he was carrying.

Sotnikov had a large amount of cash on him: 20,000 euros and $20,000, Eichelsheim said. “That is not an amount I carry on holiday,” he said.

“They were very aware of security,” the Dutch official said, adding that they took garbage out of their hotel rooms.

“In the boot of the Citron C3 (car they rented), we recognized high-value, high-grade equipment to hack Wi-Fi channels,” he said. “The main element is of course the antenna … that needs to access the network, in this case the network of the OPCW. The antenna aimed towards the OPCW.”

Dutch officials provided passport details of the four alleged Russian officers.
Dutch Ministry of Defense
Dutch officials provided passport details of the four alleged Russian officers.

A battery to boost the power of their equipment was bought on April 11. “This battery was active in the back of this car at the Marriott hotel,” Eichelsheim said.

“That caused an immediate threat to the OPCW network,” he said.

The four alleged agents planned to travel next to an OPCW-accredited Swiss laboratory in Spiez, Bern, that does research into chemical weapons, Eichelsheim said. They had bought train tickets for April 17 from the Dutch city of Utrecht to Switzerland, he said, but did not get there because their operation was disrupted.

Eichelsheim said his service’s actions had prevented serious damage to the OPCW.

“We must not forget that at that time the OPCW was investigating the Skripals and the chemical attack in Douma,” he added, referring to attacks in Salisbury, England, and Syria respectively.

Britain has blamed the GRU for the poisoning of Russian former double agent Sergei Skripal and his daughter Yulia with a military-grade nerve agent in Salisbury on March 4.

The Kremlin has consistently dismissed official British allegations.

Anti-doping agencies targeted

The US indictment named the seven defendants, all said to be Russian nationals and residents, as Aleksei Morenets, 41; Evgenii Serebriakov, 37; Ivan Yermakov, 32; Artem Malyshev, 30; Dmitriy Badin, 27; Oleg Sotnikov, 46; and Alexey Minin, 46.

US officials allege that Yermakov, Malyshev, Badin and others would often use spearphishing emails, proxy servers, malware and fictitious personas as they targeted their victims.

“When the conspirators’ remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers, including Morenets, Serebriakov, Sotnikov, and Minin, traveled to locations around the world where targets were physically located,” the indictment said.

If their hacking efforts – made using “specialized equipment” – were successful, the “close access teams” would then transfer access to conspirators in Russia for exploitation, it said.

The victims included anti-doping agencies and officials, sporting federations and nearly 250 athletes, the indictment said. The GRU also targeted others including the Westinghouse Electric Corporation, a nuclear energy company in Pennsylvania, it added.

GRU hackers blamed

In statements Thursday, British, Australian and New Zealand authorities attributed four high-profile cyberattacks to GRU-backed hackers. The attacks targeted four sectors that impact people’s daily lives – democracy, transport, media and sport. They were:

Bad Rabbit

The Bad Rabbit ransomware attack in 2017 spread through Russia and Ukraine around the world. Ransomware attacks involve threatening a user’s files or computer access in exchange for a ransom.

In the case of Bad Rabbit, the hackers disguised the ransomware as an update to Adobe software before locking down computers and demanding money for people to get their files back.

Most victims were located in Russia, but several cybersecurity firms identified attacks linked to Bad Rabbit in Turkey, Germany, Bulgaria, Japan, South Korea and the United States.

World Anti-Doping Agency hack

The WADA attack involved the release of Therapeutic Use Exemptions (TUE) for sports stars including American four-time Olympic gold medalist Simone Biles as well as tennis sisters Venus and Serena Williams.

At the time, WADA President Craig Reedie said that the hacking was clearly a retaliatory attack after 118 of Russia’s athletes were banned from competing at the Rio 2016 Olympic Games following revelations of “state-sponsored” doping.

DNC attack

All three countries said they had determined Russia hacked the Democratic National Convention ahead of the 2016 presidential election. That hack led to the release of a batch of private emails and notes, including many that belonged to Hillary Clinton’s campaign manager, John Podesta.

In the months following the cyberattack, the US intelligence community concluded that Russia did in fact attempt to interfere in the 2016 presidential elections, and top national security officials said in August that Russia is continuing to pursue similar efforts.

TV station attack

The statements accused Russia of stealing content and illicitly accessing email accounts from a small UK-based TV station in July and August 2015. The station was not named.

CNN’s Richard Allen Greene, Mary Ilyushina, Zahra Ullah and Laura Jarrett contributed to this report.