Britain's foreign secretary Jeremy Hunt has said Moscow could face further sanctions in the wake of "hard evidence" the Russian military was behind a string of cyber attacks, including against the global chemical weapons watchdog investigating the Salisbury nerve agent poisoning.
British intelligence helped thwart the operation, which was launched in April against the Organisation for the Prohibition of Chemical Weapons (OPCW), a month after the Salisbury Novichok poisoning which targeted former Russian spy Sergei Skripal.
Details were revealed on Thursday, hours after the UK government accused the GRU of carrying out a wave of other cyber attacks across the globe.
Asked what actions, beyond words, the UK will take over Russia's cyber activity, Mr Hunt said the first action is to expose it.
"The words matter because there are countries all over the world that are hearing both sides of the story – they're hearing what the Russians say as well," he said.
"This is the evidence – that what we are getting from Russia is fake news, and here is the hard evidence of Russian military activity.
"But of course it will go beyond that, and that is why we will be discussing with our allies what further sanctions should be imposed.
"We will also be discussing how we need – working with our friends and allies – to counter this pattern of cyber attacks, which is the new type of attack that the whole world is having to deal with."
Officials in the Netherlands, where OPCW is based, said four Russians had been expelled after the alleged cyber strike.
The UK government also accused one of those GRU officers escorted out of the Netherlands of targeting the Malaysian investigation into the shooting down of flight MH17 over Ukraine in 2014 when just under 300 people travelling from Amsterdam to Kuala Lumpur died.
Mr Hunt added that the alleged OPCW hack will "put to rest" any doubts people may have about the Russian military involvement in the Salisbury attack.
"Here you have evidence of the Russian military launching a cyber attack on the very organisation, the international organisation in The Netherlands, set up to investigate those Novichok attacks," he said.
"Why would you do that if you weren't the guilty party? The reality is that this is a pattern of cyber attacks in the UK, the US, Malaysia, Switzerland and now the Netherlands.
"The Russian government needs to know that if they flout international law in this way, there will be consequences, they will be exposed, and people will see the Russian government for what they are; which is an organisation that is trying to foster instability throughout the world and that is totally unacceptable."
When pressed on whether Britain's use of tough language could lead to an escalation in tensions and possibly a third world war, Mr Hunt said that will be avoided.
"The way we are going to prevent an escalation is by making sure when this kind of thing happens that Russia knows it is a red line, that there are consequences, that the price is going to be too high," he said.
The team of four GRU officers travelling on official Russian passports entered the Netherlands on April 10.
On April 13 they parked a car carrying specialist hacking equipment outside the headquarters of the OPCW in The Hague.
At that point the Dutch counter-terrorism officers intervened to disrupt the operation and the four GRU officers were ordered to leave the country.
The "close access" hacking attempt followed an earlier failed "spearphishing attack" on the OPCW headquarters.
Two of the officers were planning to travel on to Switzerland where the OPCW – which was at the time investigating the Salisbury attack and a suspected chemical weapons attack in Syria – has laboratories.
The Dutch authorities released CCTV images of the four men arriving at Schiphol Airport as well photographs of their passports.
They were named in them as Alekski Morenets, described as a cyber operator, Evgenii Serebriakov, also a cyber operator, Oleg Soktnikov, described as humint (human intelligence) support and Alexey Minin, also humint support.
The attempt on the OPCW headquarters followed unsuccessful "spearphishing" attacks by the GRU on the Foreign Office and on the defence laboratories at Porton Down where samples from the Salisbury attack were investigated.
Peter Wilson, the UK's ambassador to the Netherlands said the hacking attack happened when the "OPCW was working to independently verify the United Kingdom's analysis of the chemical weapons used in the poisoning of the Skripals in Salisbury".
The OPCW has confirmed the toxic chemical that killed Dawn Sturgess in Amesbury was the same nerve agent as that which poisoned Sergei and Yulia Skripal three months earlier.
UK authorities believe two Russians, using the aliases Alexander Petrov and Ruslan Boshirov, smeared the highly toxic Novichok chemical on a door handle at the Wiltshire home of Mr Skripal on March 4.
The attack left Mr Skripal and his daughter Yulia critically ill, and Ms Sturgess, 44, who was later exposed to the same nerve agent, died in July.
Earlier Mr Hunt said the GRU was waging a campaign of "indiscriminate and reckless" cyber strikes targeting political institutions, businesses, media and sport.
The National Cyber Security Centre (NCSC) said that a number of hackers known to have launched attacks have now been linked to the GRU.
Among targets of the GRU attacks were the World Anti-Doping Agency (Wada), transport systems in Ukraine and democratic elections, such as the 2016 US presidential race, according to the NCSC.
The NCSC said it was "almost certainly" the GRU behind a "BadRabbit" attack in October 2017 that caused disruption to the Kyiv metro, Odessa airport and Russia's central bank.
And Britain's cyber security chiefs say they have "high confidence" Russian intelligence was responsible for a strike on Wada.
The NCSC also stated that the GRU was "almost certainly" to blame for hacking the Democratic National Committee during the US presidential election in 2016.
And the agency pointed the finger at the GRU for accessing email accounts at a small UK-based TV station in 2015.
