(Cyber) GRU (X): objectives

Apart from some more specific objectives, such as Westinghouse Electric Company’s – with business in nuclear technology – or domestic routers that can be compromised to orchestrate a distributed attack against the real objective, the information published in 2018 has brought to light five major GRU objectives, consistent with the interests of the Service and consequently with those of the Russian Federation; are those exposed at this point.

It is striking that in most of these objectives – with the possible exception of Ukraine and its infrastructures – the GRU has, presumably always, an interest related more to the confrontation of psychological information to which we have referred than with a purely technical attack. In other words, it is unlikely that the GRU will attack targets such as the researchers of the use of Novichok or the demolition of the MH17, which we will see below, with the intention of technologically altering the results of these investigations … it is more likely that the real objective was to obtain information, on the one hand, to know first-hand the state at each moment and on the other, equally important, to obtain data that would allow the Service to initiate disinformation campaigns against these investigating bodies, so that in the face of society they would lose lost credibility in their claims, thus benefiting the interests of the Russian Federation.

The following table summarizes the operations and accusations related to the objectives of the GRU that have been officially made public in 2018:

Objective/Campaign US UK CA NL
USA 2016
Democratic Congressional Campaign Committee (DNCC) X
Democratic National Committee (DNC) X X
Novichok
Organisation for the Prohibition of Chemical Weapons (OPCW) X X X X
Spiez Laboratory/Conference (Bern, Switzerland) X X X
UK Defense and Science Technology Laboratory (DSTL) X
UK Foreign and Commonwealth Office (FCO) X
Doping
World Anti-Doping Agency (WADA) X X X
Canadian Centre for Ethics in Sport (CCES) X X
US Anti-Doping Agency (USADA) X
Olympics Games Rio de Janeiro 2016 X X
WADA Laboratory/Congress Laussanne (Suiza) X X
International Association of Athletics Federations (IAAF) X
Fédération Internationale de Football Association (FIFA) X
MH17
Dutch Research X
Hotel Kuala Lumpur (Malasia) X
Ukraine
NotPetya X
BadRabbit X

USA 2016 Elections

The purpose of the public accusations against the Service was to interfere in the 2016 U.S. elections. As we have seen, in July prosecutor Mueller launches a harsh and detailed accusation against the GRU in relation to its interference activities in those elections, in which Russian interests supposedly went through Donald Trump’s triumph against his rival, for which they also allegedly stole information from systems related to the Democratic Party and used it to discredit Hillary Clinton, in what seems like a clear operation of influence that the Kremlin has of course denied.

If the Russians actually acted to benefit a candidate, or if that candidate was aware of these alleged activities, it will be checked; Mueller, or the American intelligence community – not only in July but at other times – have provided data and reports that seem to confirm at least the first of the hypotheses, but like almost everything in this life, this can be falsified. Why should the Kremlin be interested in Donald Trump’s victory? Of course I have my hypotheses, linked to the stability of what the Russians call “the West”, but this topic exceeds the theme of this work…

Novichok

The use of Novichok, a military-grade nerve agent, in the Skripal attack and the subsequent investigation by different agencies has been another of the GRU’s targets of interest that came to light in 2018. The operatives identified in The Hague carried out – presumably – a close access operation against the OPCW, which among other issues investigates the Novichok attack on British territory. They are also accused of having among their objectives the Spiez Laboratory, the Swiss Federal Institute for the Protection NBC (nuclear, biological and chemical) which is part of the Federal Office for Civil Protection. This laboratory is the one that confirmed that the product used against the Skripal was effectively Novichok, and also the UK Defense and Science Technology Laboratory (DSTL), which also worked in the investigation for the use of the nerve agent.

The GRU’s interest in the actors who have investigated the Novichok issue is completely normal; two of its agents have been accused of the use of this substance in an operation in foreign territory, so it is logical that the Service has interest in knowing these investigations before the others – we do not say to alter them, we say know – and even exercise some disinformation operation against the actors who investigate these issues. And if these actors also investigate other topics of interest to the GRU, as OPCW does with the use of chemical weapons in Syria (of which Russia accuses the rebels and the West the Assad regime), then all the better: Two birds with one stone.

Doping in sport

In 2016, the International Olympic Committee accused Russia of a systematic doping of its athletes, backed by the Kremlin itself, at the Sochi 2014 Olympics, among other competitions, which is why Russia was on the verge of being excluded from the Rio de Janeiro 2016 Olympics; this, which might seem foreign to many areas of intelligence, was a blow to Russia’s image as a world power, since the Olympic Games can be used as a projection towards the world and as an exhibition of force … what analysts call a softpower. Indeed, a showcase like the Olympic Games can be considered as such, and we should not underestimate this kind of “soft power” in the Russian strategy and image; in fact, some analysts ([1]) identify the Kremlin’s lack of concern about the discovery of its operations as a softpower: the demonstration of Russian capabilities as a world power to interfere with elections or to operate almost anywhere in the world. Of course, it is worse not to have fulfilled the mission, as in the case of the Skripal or The Hague, than to have been discovered.

Anyway, this goal of the GRU is perhaps the most curious for different analysts (not so the performances in Ukraine or the investigation of the attack on the MH17). It is striking that the GRU is involved in matters related to doping, since a priori issues related to the softpower of sport would be closer to the scope of action of the FSB (or even the SVR) than the GRU, which we remember is a service of military intelligence. However, oddly enough, it is not the first time that the GRU works on issues that a priori would correspond to other services of the Russian Federation: for example, in 2014 the Colonel of GRU Viktor ILYUSHIN was expelled from France, accused of searching compromised personal information (the famous kompromat) of President Holland, in an operation that, linked to the political sphere, would correspond on paper to other Russian services. But in the same way, the FSB has operated in the field of the SVR or the GRU when it has expanded through the Baltic or Northern Europe ([2]) … another example of the competitiveness of Russian services.

MH17

In July 2014 a passenger plane of the Malaysia Airlines (MH17) line covering the Amsterdam – Kuala Lumpur route with almost 300 people on board was shot down while flying over Ukrainian airspace. Immediately, the Ukrainian and Russian authorities accused each other of the attack, and Dutch investigators, among others, began the analysis to determine the causes and origin of the attack. Later, in October 2015, the Dutch Safety Board issued a report confirming that the plane was shot down by a missile of the Buk 9M38 series, of Russian origin; the report did not specify who had launched the missile, but the approximate area from which it had been made: an area controlled by the pro-Russian separatist rebels. Some time later, as early as May 2018, the joint investigation team of the Dutch and Australian governments officially accused the Russian government of responsibility in the attack, with the immediate support of the usual allies; Of course, Russia has always denied the facts and has accused the investigations of mounting, defending their lack of transparency and considering them a political assembly.

In 2018 the Dutch government has accused the GRU of attacking the investigators of the demolition of the MH17, both in Holland and in Malaysia, from the material seized from the members of the Service discovered in The Hague and publicly talked about manipulation and influence operations in relation to these objectives. Meanwhile, private investigations such as those of Bellingcat have also analyzed Russia’s relationship with the demolition of the MH7, dismantling-presumably-hypotheses such as an Aeroflot flight as a real target of the attack or identifying as members of the army interest. Russian in the area. In any case, the interest of the Service for these investigations is something that does not surprise anyone, both because of Russia’s relationship with the attack and because of the area of interest in which the commercial plane was shot down.

Ukraine

The Ukraine-Russia conflict, which has continued to this day and does not seem to be able to be resolved shortly, has also been the object of the interests of the GRU. The British NCSC accused the Service ([3]) of destructive attacks against Ukrainian critical infrastructures (Kiev metro, Odessa airport …) with BadRabbit, the supposed ransomware that disabled systems of these infrastructures, and also blamed the GRU for the attacks against Ukraine in June 2017, in which NotPetya impacted the financial, energy and government sectors of this country.

Of the activities of the GRU in Ukraine it is necessary to highlight that they are actions CNA, of pure attack (the four D: disrupt, deny, degrade, destroy), not of theft and exploitation of information (CNE) to which we are more accustomed with actors state or with APT groups; again, we insist that the GRU in a military intelligence service, and for this second surname the execution of destructive operations are not surprising among its capabilities and attributions.

References

[1] Mark Galeotti. Heroes of the Fatherland: : Killing Here, Hacking There. The Moscow Times. December, 2018. https://themoscowtimes.com/articles/heroes-of-the-fatherland-killing-here-hacking-there-63901

[2] Mark Galeotti. Putin’s Hydra: Inside Russia’s Intelligence Services. European Council on Foreing Relations. May, 2016.

[3] NCSC. Reckless campaign of cyber attacks by Russian military intelligence service exposed. October 2018. https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed

See also in: