The Russian ICC (XVII): objectives. Spain

The First General Directorate of the KGB was responsible for all operations of the service outside the USSR; this Directorate included departments focused on different geographical areas of the world, which were the operational nucleus of the General Directorate and were responsible, among other things, for the duties of almost all KGB-linked companies operating outside Soviet territory. And within these geographical departments, the Fifth was concerned with France, Italy, the Netherlands, Ireland … and Spain. Certainly we did not reach the level of the United States and Canada (First Department, exclusively occupied by these two countries) but we were not very far, perhaps on a second level. For different reasons that have obviously changed over the years, since the Civil War until now Spain has been a historical objective (not the most important, but relevant) for Soviet intelligence and now it is still so for Russian intelligence: from the NKVD during its lifetime to the current services, obviously passing through the KGB from the middle to the end of the last century. Exactly the same as the USSR, or Russia today, it also is and has been an important objective for the West: for example, we have only to read something about the operation Mari, in the 60s ([2]).

A good example of Russian activities in Spain in the 1970s and 1980s is SOVHISPAN. This Spanish Soviet consignee, founded in 1971 and operating until 1993, took advantage of the strategic situation of the Canary Islands in order to deploy a capacity to supply Soviet vessels operating on African coasts or to make technical stops on transatlantic voyages (passenger or scientific). At first sight, an interesting business relationship between two countries and a spectacular source of income for the Islands, with direct flights between Las Palmas and Moscow operated, among others, by Aeroflot. But also a perfect cover for the KGB and GRU and their interests in Spain: from the delivery of the Sahara or the arrival of democracy, to the use of Canarian independence as a possible destabilizing element to prevent Spain from entering NATO. The Spanish services were no stranger to this situation, and led to the expulsion of Soviets accused of espionage; it is estimated that between 1977 and 1985 at least fifteen KGB and GRU agents were expelled from Spain, some of them directly related to SOVHISPAN, such as the company’s own CEO, Yuri Bitchkov (1981).

Neither years ago, as we have already indicated, nor nowadays, with different information needs: Spain is not the priority objective of Russian intelligence. To give some examples, in NATO we are a medium power compared with countries like France or Germany, we are geographically far from Moscow ([1]), we cannot destabilize Mother Russia by our influence in the area of Eastern Europe nor by our energy reserves, we do not have a military capability that poses a real threat to Russian borders (but on the other hand, we are in NATO) … However, not being the priority objective does not mean not being an objective; we must consider Spain as a significant objective today for Russian interests, as the entire NATO or “West” continue to be ([3]). And for this it is not necessary to go back to the last century and to the activities of SOVHISPAN: more recently different cases of Russian espionage against Spain have been identified that have jumped to the public opinion. At the end of 2010, two members of the Russian embassy in Spain were expelled from the country accused of espionage (in fact, everything was more discreet: they were invited to leave the national territory for actions outside their diplomatic status…), which Russia reacted as usual, expelling two Spanish diplomats from Moscow. It was also spread throughout the general press the arrest of a former member of the CNI in 2007 who had been identified as a double agent who sold sensitive information to Russian services until 2004; the first man convicted of treason in democracy, who is still in prison today.

But what does Russian intelligence look for in Spain? In terms of Russian information needs, seen earlier in this series, we again identify four major areas of interest for Russian services in Spain or, generalizing, anywhere in the world: scientific-technical intelligence, political intelligence and diplomatic, military intelligence and economic intelligence; we include the “ecological” (energy) area as being of special interest in almost all of them. We will analyze each of these areas in the current Spanish scenario, both in the Public Administration and in companies, starting from the fact that, on paper and formally, Spain and Russia have had an agreement for years for the mutual protection of classified information, especially political, military, technical-military and economic information ([5]). These areas ring a bell, don’t they? It is also true that this agreement explicitly refers to information “exchanged in the course of cooperation”, not “non-exchanged” information…

Let us focus first on the Public Administration; the Autonomous Administrations (much less the local ones) need not be a Russian target, at least habitual, although it is necessary to remember that in certain cases it could be interesting for Russia to accede to autonomic information. If this were the case, the Autonomous Communities with the greatest potential interest for Russia could be Catalonia, Valencia, Andalusia and the Canary Islands, and for obvious reasons the Community of Madrid. In all these Communities there are Russian Consulates (in some of them, honorary consuls). This has a simple explanation: on the Catalan coast, on the Costa del Sol, in the Valencian Community and in the archipelago is where more Russian citizens are concentrated (Barcelona is the city and Alicante is the province of Spain with more Russian population). In this way, occasionally and potentially, as always – it might be interesting for Russian intelligence to access a medical history of a citizen of this nationality who is being treated in a Spanish hospital, to give an example, so that the areas with more chances of being a specific target would be those cited.

But beyond occasional interests, if we talk about the Spanish Public Administration, it is necessary to look at the General State Administration (AGE), a presumed key objective for Russia, as a presumed key objective for the services of any country in the world; all the Ministries that make up the AGE are a Russian target. The AGE obviously has a political and diplomatic interest, one of the basic needs of Russian intelligence, and even some of its Ministries have a scientific-technical interest (Defense, Development, Education …) or economic interest; the Ministry of Defense deserves a separate mention, with the addition of military interest for Russian intelligence. In fact, according to the CCN-CERT the main Russian objectives in Spain are governmental; but although all Spanish Ministries are an objective, for different reasons, there may be some that are more than others … what could be the main objectives? Perhaps, only perhaps, the following – with its corresponding formal denomination: Presidency, Foreign Affairs, Defense, Interior and Economy. Why these five? Because of the sensitivity of the data they manage, they would be of any foreign service in general: not in vain was the CDGAI (Government Delegate Commission for Intelligence Affairs formed [4]).

Apart from Secretariats, Directorates General, etc., each Ministry has different Public Organisms linked; focusing on the previous five, within the Presidential dependents the key objective by definition will surely be the National Intelligence Center, the main actor of Spanish intelligence, or the Department of Homeland Security, of course far above other agencies such as the BOE or National Heritage. In the case of Foreign Affairs, the main objectives could be the AECID (Spanish Agency for International Cooperation for Development) or the Center for International Studies – a good part of the rest are cultural centers – while if we speak of Defense, everything is a potential Russian target: from INTA or DGAM to ISFAS (although this one is certainly less interesting than the first two). For the Interior, the Police, the Civil Guard or Penitentiary Institutions can be especially sensitive – let us remember the vast ecosystem of Russian intelligence and its relations with third parties – and finally, in Economics, perhaps the biggest focus of interest are organizations such as the CDTI or CSIC, for the scientific-technical advantage that their information can bring to Russian services and companies.

Apart from their own Administration special mention should also be made of the public companies (or semi-public) ascribed. In the Inventory of Entities of the State Public Sector (INVESPE), all the mercantile companies belonging to Ministries are listed. We have more than 150 public companies ranging from some with so little potential interest – in this context – such as “Zona Franca, SL” or ” Compañía Española de Tabaco en Rama, S.A.”, both ascribed to the Treasury, to others that may be a clear objective, as ISDEFE, S.A. (Defense) or INCIBE, S.A. (Industry).In this case, in companies’, the interests of Russian intelligence will not be so focused on politics and diplomacy, but will focus on scientific-technical and economic espionage, as they will in private business; for this reason, special mention may be made here of companies affiliated to particular ministries participating in multi-million euro projects, such as Development, for economic and technical espionage of which they may be subject (and not only Russian).

If we move onto the private sphere, that of companies, political or military espionage obviously lose strength in favor of the scientific-technical and economic espionage in different sectors – as we have said, likewise in the public enterprise – : Russian companies compete in large competitions with Spanish ones and their services will have a legitimate interest in favoring them, as well as the interest in obtaining a direct technical advantage through the theft of information. One of the main sectors of interest can be energy, main Russian driving force, so we can speak of the companies of this sector as a clear objective; without going any further, let us remember Lukoil’s interest in entering REPSOL severely a few years ago. All the major Spanish energy companies would enter in this group (without naming any, surely we all know them), as well as other companies directly or indirectly linked to the sector.

But beyond energy, when we talked about the Russian information needs a few posts ago we referred to other sectors marked as key by its National Security Strategy: ICT, biomedicine, pharmacy, nuclear technology, nanotechnology … in short, leading sectors that can advance a country in a meaningful way. Nothing strange either for Russian services or for any other country, of course. Companies in these sectors will be a potential target of Russian intelligence, as they surely will be for many other services: their research, projects, patents … are worth a lot of money. A relationship of Spanish companies in each of these sectors is no secret, and by consulting open sources we can get a rough idea of possible objectives in Spain with all details.

A particularly interesting area is that of scientific-technical espionage in companies linked to Defense, a possible target of both civil intelligence and Russian military intelligence. Here, the General Directorate of Armament and Material (DGAM) has some six hundred companies registered in its catalog; the data is classified, but one has only to consult WikiPedia to obtain an interesting list of companies in this sector; if we leave aside more classic companies and focus on technology (beware, not just computing, there are many interesting technologies for Defense … and especially faces, objects of Russian interest) we get a juicy business relationship in this area. Or even more simple: we can go to, for example, web pages of associations that bring together the companies of the sector where, in some case, in addition to providing the list of associates – something obvious – they are classified according to different parameters, such as the number of employees: thus we can easily identify Spanish companies working on technologies for the Defense sector or related to, for example, less than fifty workers. What does this mean? That we have an excellent list of interesting companies for Russian services but that are also small in size, which a priori – does not have to be so, and hopefully it is not – may imply that they are soft targets; to give us an idea, these companies work in environments as varied and interesting as the manufacturing of warships, military nanophotonics or submarine electronics…

In short, Spain has been and remains a target of Russian intelligence, not the highest priority but perhaps for sure at a second level; so it is not surprising that Russian services, or the Russian APTs, have Spain as their target, both in the Public Administration (priority) and in the private sector (biomedicine, ICT, defense…), looking for information aligned with their needs, of course always allegedly. As an example, if in the Targeted Cyberattacks Logbook of Kaspersky we select cyber espionage or information theft campaigns that had Spain in the Top 10 of its objectives we will find five, of which three are Turla, Agent.BTZ and Crouching Yeti. They ring a bell, right? Out of curiosity, the other two are Spanish-speaking: Machete and Careto. Other works clearly speak of Spain as a relevant target for APT28 ([6]), MiniDuke ([7], [8]) or Energetic Bear [9], to give just a few examples of allegedly Russian APTs that have impacted on our country. In fact, in its EMEA reports, FireEye indicates that in this area, Spain moved from tenth position in APT detection in 2014 to the third in 2015 ([10]), which shows that it is in the spotlight of different actors not just Russians.

To conclude this section, two comments. First of all, it should be recalled that the objectives identified here are by no means exhaustive; although these may be priorities, let us remember the capacity and voracity of Russian services and their broad information needs: few organizations whose information has political or economic value should consider Russia a distant threat – nor other actors. Secondly, everything reflected in this post has been extracted from public sources and in many cases are strictly personal opinions, as almost always…

[1] Javier Morales, Eric Pardo. Rusia en la estrategia de seguridad nacional 2013. UNISCI Discussion Papers, número 35. Mayo, 2014.
[2] Claudio Reig. El espía que burló a Moscú. Ed. Abril, 2017.
[3] Mira Milosevich-Juaristi. ¿Por qué Rusia es una amenaza existencial para Europa?. Real Instituto Elcano. Julio, 2015.
[4] Gobierno de España. Real Decreto 1886/2011, de 30 de diciembre, por el que se establecen las Comisiones Delegadas del Gobierno. BOE 315, de 31 de diciembre de 2011.
[5] Gobierno de España. Acuerdo entre el Gobierno del Reino de España y el Gobierno de la Federación de Rusia sobre la protección mutua de la información clasificada. BOE 312, de 26 de diciembre de 2014.
[6] Razvan Benchea y otros. APT28 Under the Scope. A Journey into Exfiltrating Intelligence and Government Information. BitDefender. 2015.
[7] F-Secure. The Dukes. 7 years of Russian cyberespionage. F-Secure Labs Threat Intelligence. September, 2015.
[8] Costin Raiu, Igor Soumenkov, Kurt Baumgartner, Vitaly Kamluk. The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor. Kaspersky Lab. February, 2013.
[9] Symantec. Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Symantec Security Response. July, 2014.
[10] Álvaro García. APT. Evolución de las tácticas. Situación de España en el panorama europeo. IX Jornadas STIC CCN-CERT. Diciembre, 2015.

See also in: