The Russian ICC (XVIII). Conclusions

For a few months we have published a series of posts about Russian cyber intelligence in SecurityArtWork, which we hope you have liked and which we hope have helped you to better understand Russian capabilities, groups, structures, APT… Without a doubt, Russia has been and continues to be one of the main players in the field of security, intelligence and defense (and of course in cybersecurity, cyber intelligence and cyber defense … or cyber things in general) and, as such, we must know it well if we work on these issues.

As we have seen in this series, Russia is a world power in many fields (as was the USSR in its day) and still retains Soviet reminiscences. The “Cold War Mode”, which we have referred to in different posts, perfectly defines its current cyber strategy and the way the country has historically managed information. Both are applied within the broad concept of information warfare, which we have also referred to on many occasions, which differs significantly from the Western one, and which includes propaganda or deception, to give just a few examples. If Russia is your mother and your mother is in danger you will do whatever is necessary to save her. Period. No further discussion.

In order to implement this strategy, Russia has a truly complex intelligence structure, in which four services stand out because of their cyber powers and capabilities, of which two can be especially active: the FSB, the main heir of the KGB and of the FAPSI, and the GRU, an opaque and efficient service. Simply put, civilian and military intelligence, competing with each other and probably with more than impressive cyber capabilities (and not just cyber, of course). And the Russian APTs, where are they in that ecosystem? It is difficult, almost impossible, to say, but the probability that they are linked in one way or another to these services is high: their capabilities or their interests seem to indicate it … or not. Undoubtedly, attribution in a purely cyber environment is impossible, and that’s why we like to talk for hours and hours about it ;)

But trying to understand Russian intelligence by focusing only on its services would be a mistake; the ecosystem is much broader, and it extends with formal relations to politics (let us remember the term siloviki) or to the business environment, and with less formal relationships to crime – or cybercrime – organized or in groups, autonomous or not, such as patriotic hackers or the so-called web brigades. All these relations, or at least the most significant ones, have been dealt with in this series, leaving many others aside, for example, Russian intelligence relations with the Orthodox Church, which also exist, because they stray too far from our cyber-things … Undoubtedly, “non-formal” relationships are more interesting than public ones, but all, as a whole, have the common goal of defending Mother Russia, in its broadest sense.

Having analyzed – as far as our time and knowledge allow – the impressive Russian intelligence ecosystem, focusing (or trying to focus) on the cyber part, we come to the million-dollar question: what are Russian intelligence, Russian APTs, the Russian government … Mother Russia in general looking for? We have seen their information needs, focused on very specific areas (remember: political, economic, military, scientific, technical and ecological), and from there we moved on to the Russian targets, with specific names: the countries most likely to be spied on by Russian intelligence, reserving a post for Spain. Yes, we have been a Russian target for years now, not of the highest priority but definitely at a second level of interest, starting with the General Administration of the State and ending with companies that work in certain sectors, such as Defense or ICT; without giving names, we can make an almost perfectly defined list of Russian objectives in Spain.

To finish this series it is necessary to insist on the usual disclaimer: although the external references cited in the series are many, much of what is expressed is still opinion or hypothesis, very difficult to prove, and of course all the information reflected here is drawn from public sources. In addition, I have a comment, in case it has not been clear in the series: the Russians – like, surely, anyone else in this war – are not “the bad guys.” They’re just doing their job, and better than many others; they are discreet, technically very good, effective and earn their vodka on a daily basis. We shall close the series but we will not stop talking about Russia in SAW. After all, they are the best. Stay tuned ;)

– All posts about the Russian ICC –

  1. The Russian ICC (I). Introduction: the Russians are coming!
  2. The Russian ICC (II). Context: Russia
  3. The Russian ICC (III): the Community
  4. The Russian ICC (IV): A bit of history: FAPSI
  5. The Russian ICC (V): FSB
  6. The Russian ICC (VI): SVR
  7. The Russian ICC (VII): FSO
  8. The Russian ICC (VIII): GRU
  9. The Russian ICC (IX): APT groups
  10. The Russian ICC (X): the intelligence ecosystem
  11. The Russian ICC (XI): The intelligence ecosystem. Companies
  12. The Russian ICC (XII): The intelligence ecosystem. Web brigades
  13. The Russian ICC (XIII): The intelligence ecosystem. Patriotic hackers
  14. The Russian ICC (XIV): The intelligence ecosystem. Cybercrime
  15. The Russian ICC (XV): objectives. Information needs
  16. The Russian ICC (XVI): objectives. Countries
  17. The Russian ICC (XVII): objectives. Spain
  18. The Russian ICC (XVIII). Conclusions
