The Russian ICC (XVIII). Conclusions

For a few months we have been publishing a series of posts about Russian cyber intelligence on SecurityArtWork, which we hope you have enjoyed and which have helped you to better understand Russian capabilities, groups, structures, APTs... Without a doubt, Russia has been and continues to be one of the main players in the fields of security, intelligence and defense (and of course in cybersecurity, cyber intelligence and cyber defense, or "cyber" things in general) and, as such, we must know it well if we work on these issues.

As we have seen in this series, Russia is a world power in many fields (as the USSR was in its day) and still retains Soviet traits; the "Cold War mode" we have referred to in several posts perfectly defines its current cyber strategy and the way the country has historically managed information, both of which are applied within the broad concept of information warfare that we have also mentioned many times, significantly different from the Western one, and which includes propaganda and deception, to give just a couple of examples. If Russia is your mother and your mother is in danger, you will do whatever is necessary to save her. Period. No further discussion.

The Russian ICC (XVII): objectives. Spain

The First Chief Directorate of the KGB was responsible for all operations of the service outside the USSR; this Directorate included departments focused on different geographical areas of the world, which were the operational nucleus of the Directorate and were responsible, among other things, for the duties of almost all KGB-linked companies operating outside Soviet territory. Within these geographical departments, the Fifth covered France, Italy, the Netherlands, Ireland... and Spain. Certainly we did not reach the level of the United States and Canada (the First Department was devoted exclusively to those two countries), but we were not very far behind, perhaps on a second tier. For different reasons, which have obviously changed over the years, Spain has been a historical objective (not the most important, but a relevant one) for Soviet intelligence from the Civil War until now, and it still is for Russian intelligence: from the NKVD in its day to the current services, passing of course through the KGB from the middle to the end of the last century. In exactly the same way, the USSR, or Russia today, has been and is an important objective for the West: we need only read something about Operation Mari, in the 1960s ([2]).

The Russian ICC (XVI): objectives. Countries

Any country in the world is a potential target of Russian (or non-Russian) espionage. As an example, infiltration in the Americas has historically been high, not only in the United States, the highest-priority country for Russian intelligence, but also throughout Latin America.

However, maintaining a large intelligence ecosystem is not cheap, although thanks to the particularities and relations of the Russian services it is certainly not as expensive as it would be in other circumstances. So, as in any country, the Russians must prioritize their usual activities and interests, leaving temporary objectives for specific occasions: for example, the Middle East (Syria, Iran...) can be considered on the list of these temporary objectives, for security reasons (counterterrorism) as well as economic ones (customers or suppliers of basic goods for Russia).

In addition to these, countries such as Australia or New Zealand, technologically developed and close to the West (not from the physical point of view, of course), are also targets of Russia for different reasons, such as industrial espionage. We have highlighted in gray the target countries of Russian espionage:

The Russian ICC (XV): objectives. Information needs

Let us recapitulate: so far we have written several entries on the Russian ICC in which we have contextualized Russian intelligence, described its different services with cyber attributions and analyzed, as far as possible, their relations with third parties, thus describing the complex intelligence ecosystem in Russia. With this ecosystem described (we had to stop somewhere), we will now try to analyze the objectives of this intelligence, its information needs: what is Russia looking for, and where?

A bit of history: Vasili Mitrokhin was a KGB archivist who, after the dissolution of the USSR, defected and collaborated with the British MI6; the material exfiltrated by Mitrokhin, which gave rise to several books known collectively as "the Mitrokhin archive", revealed among many other secrets that the Soviet leader Mikhail Gorbachev already considered industrial espionage a key aspect of economic survival and of the restructuring of the country. This became explicit after the dissolution of the USSR: in accordance with its legal basis ([3]), the objective of Russian intelligence has been to gather information in the political, economic, military, scientific, technical and ecological fields to support the economic development and the scientific-technical and military progress of the Russian Federation; the GRU in particular is entrusted with the acquisition of military, military-political, military-technological and military-economic information. In other words, Russia has been concerned about its defense, both military and economic, from the Soviet era (according to Mitrokhin's information) to the Russia of the end of the last century. Something, on the other hand, completely logical in any modern country.

The Russian ICC (XIV): The intelligence ecosystem. Cybercrime

The relations of the Kremlin (and, by extension, of its intelligence services) with "classic" organized crime, with the Russian mafias, are a more or less proven fact. Without going any further, in documents leaked by WikiLeaks the Spanish prosecutor Jose Grinda directly links the Russian mafia with the country's intelligence services.

The Russian ICC (XIII): The intelligence ecosystem. Patriotic hackers

The concept of patriotic hacker can be understood as an attacker in the cyber field whose activities support, in one way or another, his country in a real conflict, directed against the enemy of the state ([1]). Along with China, Russia has perhaps been one of the countries that has most empowered these groups, active for years in conflicts such as Kosovo (1999), Estonia (2007) or Georgia (2008). In Spain, if there has ever been anything similar (and in any case not state-sponsored), it could be linked to small actions on the network against the environment of ETA after the murder of Miguel Angel Blanco (1997), perhaps halfway between hacktivism and patriotic hacking (which would make for an interesting debate), but in any case very far from the activities of patriotic groups in other conflicts or countries.

The Russian ICC (XII): The intelligence ecosystem. Web brigades

The so-called Web Brigades (or G-team) are groups theoretically linked to the Russian government that participate in forums, social networks, blogs, news websites... to generate a positive image of Russia (and of Putin in particular) in digital media. Rumors suggest that these groups are controlled by the FSB itself, although this is difficult to prove [1]. One of the best-known cases of the use of web brigades to disseminate this kind of content is the Olgino trolls, a fairly large group of people paid (always theoretically) to promote Russian positions on national or international political issues.

The members of the web brigades even have defined guidelines for writing their comments and opinions ([4]), which set, for example, the minimum number of words per entry or the rules for going unnoticed on social networks, combining political opinions with other inconsequential ones about hobbies or travel; something that seems perfectly studied and orchestrated and in which large amounts of money are probably invested, money that perhaps comes from government-aligned groups... or from the government itself.

The Russian ICC (XI): The intelligence ecosystem. Companies

When we talk about the relationship of the Russian services with the country's companies, it is necessary to emphasize that these services are not interested in just any type of organization, only those that can provide cover for the service or that allow them to control, to a greater or lesser extent, a field of interest for Russia's national interests, usually companies that are strategic for the nation: natural resources (gas and oil in particular), media, state monopolies created after the breakup of the USSR... As a curious fact regarding state control in some areas, Russian law identifies strategic sectors or companies, and it is Russian law itself that defines how to invest in them, including foreign investment: foreign companies are prohibited from owning a strategic Russian company unless expressly approved by the President.

The Russian ICC (X): the intelligence ecosystem

We cannot conceive the Russian intelligence community described in this series as a set of services merely dependent on political or military power. The degree of penetration of these services throughout Russian society is very high, both officially and unofficially. It is no secret that former KGB or FSB officials hold positions of responsibility in politics or in the country's big companies. As a curiosity, in 2006 it was reported that 78% of the country's top 1,000 politicians had worked for the Russian secret services [1]. So much so that these profiles have a name of their own: siloviki, a term that roughly translates as "people of power". And it is no secret who the best-known silovik is: Vladimir Putin, President of the Russian Federation, a KGB officer in the Soviet era and later Director of the FSB.

The Russian ICC (IX): APT groups

So far we have talked about the main services that make up the Russian intelligence community in the cyber domain, and in successive posts we will continue to describe the rest of the complex Russian ecosystem, but where are the allegedly Russian APTs? Groups known to everyone, such as APT28 (FancyBear, Sofacy...) or APT29 (CozyBear, The Dukes...), must somehow be related to this community... if they are not part of it, right?