The Russian ICC (I). Introduction: the Russians are coming!

We often talk about Russian APTs, Russian malware, Russian groups … But who are the “Russians”? We will analyze, in a series of posts, who “the Russians” really are, what Russia is (from the point of view of intelligence and security), what their services (and their APTs) are, what relations they have with the rest of the ecosystem in the Russian information war, what objectives they have, what information they are looking for, etc. In short, we will try to get to know a little better the Russian Cyber Intelligence Community and these supposedly Russian threats that we find all the time in different organizations.

Of course, all the information collected here was obtained from public sources and represents no more than private opinions, interpretations, analyses, issues … surely all of them wrong because … what exactly is attribution?

Let’s begin: as it could not be any other way (otherwise we would not be dedicating a series to it), one of the main actors in the field of (cyber) intelligence is Russia; perhaps it is currently the country that is most sophisticated in its attacks: targeted, stealthy and technically brilliant, with very high rates of persistence due to the complexity of detection (of course, with the permission of the United States …). Russian APTs have often identified well the information they need, where it is, and who handles it, and so they focus on the exact theft of such data, as we said, in the most secretive way possible.

This is nothing new. Historically, the former Soviet Union and its intelligence services (that KGB that no longer exists) have been very active in signals intelligence (SIGINT), the closest thing, if not the same thing, to what we attach the prefix “cyber” to today, with the most complete and most expensive interception, processing and analysis capabilities. In the 1980s, these capabilities employed more than 300,000 people, about five times more than the US NSA at the time (all these figures are estimates, because the information in both cases is classified). An excellent historical reference on Soviet signals intelligence, from 1989, is Desmond Ball’s Soviet Signals Intelligence (SIGINT), published by the Strategic and Defense Studies Center, Research School of Pacific Studies (Australian National University) within the series Canberra papers on strategy and defense.

Today, Russia continues to be frantic (seemingly, as always) in different acquisition disciplines, including signals intelligence, a field that ranges from the passive interception of communications in networks and systems to the compromise of these environments to acquire information.

As a matter of curiosity, the Overseas Security Advisory Council (OSAC), a subsidiary of the US Department of State, warns US citizens who travel to Russia of these economic and industrial espionage activities, with habitual information theft from computer systems, and warns them of the lack of privacy by stating that they “must assume that all communications are monitored.” In Spain, the Ministry of Defense may prohibit military personnel from traveling to certain countries, such as Russia or Cuba, because of the considerable risk of espionage they may suffer there. Spain is, as we shall see, a historical objective of the Soviet services and, now, of the Russian services.

– All posts about the Russian ICC –

  1. The Russian ICC (I). Introduction: the Russians are coming!
  2. The Russian ICC (II). Context: Russia
  3. The Russian ICC (III): the Community
  4. The Russian ICC (IV): A bit of history: FAPSI
  5. The Russian ICC (V): FSB
  6. The Russian ICC (VI): SVR
  7. The Russian ICC (VII): FSO
  8. The Russian ICC (VIII): GRU
  9. The Russian ICC (IX): APT groups
  10. The Russian ICC (X): the intelligence ecosystem
  11. The Russian ICC (XI): The intelligence ecosystem. Companies
  12. The Russian ICC (XII): The intelligence ecosystem. Web brigades
  13. The Russian ICC (XIII): The intelligence ecosystem. Patriotic hackers
  14. The Russian ICC (XIV): The intelligence ecosystem. Cybercrime
  15. The Russian ICC (XV): objectives. Information needs
  16. The Russian ICC (XVI): objectives. Countries
  17. The Russian ICC (XVII): objectives. Spain
  18. The Russian ICC (XVIII). Conclusions
