(Cyber) GRU (I): Introduction

As we already mentioned in the post about it within the series on the Russian Cyberintelligence Community, the GRU (GU) is the most opaque of the Russian services, maintaining its Soviet heritage almost intact in contrast to the “westernized” FSB or SVR. In fact, the structure and operation of the Service have not been especially well known, with [1] being the main reference until rather recently. Beyond specific data on operations without a clear attribution, or the identities of its Director and Deputy Directors (no secret), little or nothing was known about the Service. However, and certainly much to the GRU's regret, in 2018 there have been – up to now – three events that radically change this opacity:

  • On July 13, the US Department of Justice released a document detailing the alleged involvement of the GRU in the interference operations during the 2016 US presidential elections.
  • As if this were not enough, on March 4, Sergey Skripal and his daughter Yulia were poisoned in Salisbury (UK); on September 5, Theresa May herself formally accused ([2]) two alleged members of the GRU of said action, in a statement that ends up talking about Litvinenko and the downing of MH17 and that includes a meaningful phrase: “It was almost certainly also approved outside the GRU at a senior level of the Russian state.”
  • To end the service’s annus horribilis, on October 4 the British NCSC publicly accused the GRU of cyber-espionage activities against the World Anti-Doping Agency (WADA) and against the DNC, among other targets [3]; and it did so with “high confidence”, which means what it means… Almost in parallel, the Dutch MIVD accused the GRU ([4]) of attacking, in April, in addition to different British official bodies, the OPCW (Organization for the Prohibition of Chemical Weapons), which coincidentally was investigating the Skripal poisoning; they cited the service's Unit 26165 and identified it directly with APT28. The US DoJ is not far behind in the accusations against the GRU, as we will see, and the Canadian government also joins these official accusations. In short, four “Western” countries – which also receive public support from their Australian and New Zealand partners, thus completing the Five Eyes – accuse the GRU of cyber-espionage.

Undoubtedly, the GRU must not have liked this prominence at all, since it has put the Service on the front pages of general newspapers around the world; so much so that on November 22 the death of General Igor KOROBOV, the commander of the GRU, was announced after a “long and serious illness” (perhaps aggravated, but not caused, by some reprimand from higher up for all the errors committed). Initially, General Sergey ALEKSANDROVICH GIZUNOV, Deputy Director of the GRU and a person trusted by President Putin, was spoken of as a possible successor as head of the Service, but that same day Vice Admiral Igor KOSTYUKOV, until then First Deputy Director, assumed the functions of Director. General GIZUNOV, in addition to being Deputy Director of the GRU, holds a doctorate in Technical Sciences, possibly computer science or mathematics, and comes from the service’s SIGINT apparatus ([5]); he was in fact the Head of Unit 26165 a few years ago. After the death of Igor SERGUN, former Director of the GRU, in January 2016, his name was already being mentioned among the candidates to succeed him (GIZUNOV was already Deputy Director), although KOROBOV was finally chosen: perhaps the GRU considered SIGINT a purely operational matter, one that supports the service's strategy and global intelligence. In 2018, after the death of KOROBOV, perhaps it still thinks the same… or maybe not.

In view of what has happened this year, in 2018 the GRU has gone from being considered by many analysts one of the best services in the world to seeing sensitive data about its operations, its officers, its interests and its capabilities published… data which also reveal OPSEC measures that are more than poor in its actions. Despite being the elite of Russian intelligence, the GRU has spent a few months as the focus of criticism from the Kremlin, the political opposition and the other Russian intelligence services.

In this series we are going to deal with these events, which in recent months have changed the perception that many analysts had of the GRU, in order to determine, once we have reviewed them, what new information about structures, people, objectives, tactics, techniques… they have contributed, directly or indirectly, to all of us who are interested in knowing the cyber environment of the Russian services, especially military intelligence.

[1] Viktor Suvorov. Inside Soviet Military Intelligence. MacMillan Publishing Company, 1984.

[2] UK. https://www.gov.uk/government/speeches/pm-statement-on-the-salisbury-investigation-5-september-2018

[3] NCSC. https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed

[4] MIVD. https://www.government.nl/latest/news/2018/10/04/netherlands-defence-intelligence-and-security-service-disrupts-russian-cyber-operation-targeting-opcw

[5] Russian Defense Policy. Still Awaiting New GRU Chief. January 2016. https://russiandefpolicy.blog/2016/01/23/still-awaiting-new-gru-chief/
