In addition to the two previous units, which have gained prominence from the information brought to light in 2018, the GRU has other Military Units linked to signal intelligence, cybersecurity or information warfare. Some of which we can find data in public sources are the following:

• Military Unit 11135 (18th Central Research Institute). Historically ([1]) the Central Scientific Research Institute has been identified within the GRU, which from Moscow designs SIGINT equipment for the GRU and which is perhaps currently this Military Unit, focused today not only on interception of radio and satellite communications but also on wireless devices, SCADA systems or protection of communications ([2]).
• Military Unit 40904, known as the “177th Independent Center for the Management of Technological Development”. Located in Meshcheryakova, 2 (Moscow), with high probability, this unit specializes in signal intelligence processing ([3]).
• Military Unit 36360. Apparently it is a training unit of the GRU in which advanced intelligence courses are taught, at least since January 1949. This training, also apparently and according to open sources, includes topics closely linked to the cyber domain such as the following:
  • Telecommunications Engineering (communication by radio, radio broadcasting and television).
  • Technologies, networks and communication systems.
  • Information systems and technologies: information and analysis.
  • Software Engineering.
  • Applied Mathematics and Computer Science.
  • Information security.
  • Computer software.
  • Automated information processing and control systems.
  • Translation and translation studies (linguistics).
• Military Unit 54726 (46th Central Research Institute), a center focused on military technical information, especially on the capabilities of foreign countries, which potentially includes research in the cyber field.

[Read more…]

Apparently, Unit 74455 is linked to operations of disinformation, influence, propaganda … which would reconfirm the broad concept of information warfare of the Russian military doctrine. We have already referred to it repeatedly, and to the mixture of the purely technical field with the psychological field (dezinformatsiya, spetspropaganda, kompromat, etc.).

In fact, the US DIA speaks of the confrontation of Russian information (informatsionnoye protivoborstvo, IPb) as the term used by the Government for the information war conflict, with two major measures: technical, as a classic CNO, and psychological, as the attempt to manipulate the population in favour of Russian interests ([1]), speaking openly of “cyber” PSYOP. The first of these measures would correspond to Unit 26165 and the second to Unit 74455.

[Read more…]

The information that has come to light during 2018, both the official information of governments of the United Kingdom, the United States, the Netherlands and Canada, as well as the unofficial additional investigations, both individuals and from different organizations (highlighting Bellingcat and RFE/RL, Radio Free Europe/RadioLiberty) has exposed a lot of interesting information about the GRU. It has provided us with data on its units (identification, structure, functions, physical location…), on people who are part of the service (identities, jobs, functions, aliases, relationships, personal scope…) and its operations (objectives, TTP, software, artifacts, IOC…). In addition, they have revealed deficient operational security measures, which have made it possible to broaden the initial investigations even further and have brought to light identities, private homes, relatives… of members – or former members – of the GRU. [Read more…]

If 2018 was already a bad year for the GRU, on October 4th, different Western countries gave the final touch to the Service by publishing information about their operations and agents: it is the Netherlands, the United Kingdom, Canada and the United States – and immediately Australia and New Zealand, as is normal, supported their allies. Summarizing: Holland and FVEY finish off the annus horribilis of the Service, as we will see in this post.

Holland

On October 4th, the Dutch military intelligence, the MIVD (Militaire Inlichtingen- en Veiligheidsdienst) published in a press conference ([1]) the operation carried out in April in which four GRU members were identified and expelled from the country on charges of attacking the Organization for the Prohibition of Chemical Weapons (OPCW); as the US Department of Justice did in July, it provides a wealth of detail about the identities, techniques, security measures, objectives … of GRU agents operating on Dutch soil with diplomatic passports. According to this information, four agents of the Service (two assigned to Unit 26165, Aleksei SERGEYEVICH MORENETS and Evgenii MIKHAYLOVICH SEREBRIAKOV, and two possibly assigned to Unit 22177, Alexey VALEREVICH MININ and Oleg MIKHAYLOVICH SOTNIKOV) land on April 10 in the Netherlands and are received by staff from the Russian Embassy in this country, they rent a car and execute a close access operation to try to compromise the security of the OPCW. They are identified, money is seized in cash and technical equipment (which of course is analyzed in detail, showing data from other operations) that includes devices to attack wireless networks and are accompanied to an Aeroflot plane that returns them to Russia. In the face of serious Dutch accusations, Russia defends that its agents simply conducted a security inspection at the country’s embassy in the Netherlands. [Read more…]

Serguei Skripal was a GRU agent who was arrested in 2004. He was accused of collaborating with the British MI6 and sentenced for high treason until 2010, when he was exchanged for Russian agents arrested as part of the ‘Operation Illegal’. Since then, he had lived in the United Kingdom, apparently away from any “annoying” activity linked to his past as a member of the Service. However, in March 2018, he was found unconscious together with his daughter Yulia – she was visiting the United Kingdom – in a bank in Salisbury, allegedly the victim of an attack with Novichok, a Soviet nerve agent. The United Kingdom blames Russia for this attack without much detail.

At the end of June two Britons, a man and a woman, were admitted to the Salisbury District Hospital. An ambulance brought them from Amesbury, a few kilometres from where the former GRU agent and his daughter were poisoned. The investigation confirmed that they had also been poisoned with Novichok, apparently by accident: none of them had any previous connection with what happened in March and, possibly, they found by chance the nerve agent in what appeared to be a bottle of perfume abandoned in a park. The woman died in early July as a result of the effects of the poisoning.

[Read more…]

As we have said, if until this year the GRU was one of the most opaque services in the world, in 2018 everything changes. Three facts stand out in the chronography, which conclude with the death of Lieutenant General KOROBOV in November; we will see in this section the first of them -and in the coming ones the other two, which occurred in the month of July.

On July 13, the US Department of Justice (DoJ) publishes [1], a document accusing twelve GRU agents – directly summoned by name and surnames – of possible Russian interference in the 2016 presidential elections. The person signing the document is none other than Robert Mueller, an advisor to the DoJ who coordinates investigations in this area – that of Russia’s relationship with the US presidential elections- and who, among other things, was director of the FBI for more tan ten years. After this accusation, the FBI includes among its “Cyber most wanted” the twelve agents of the service, highlighting that they can be armed and dangerous. Until then, the only Russian service that had the privilege of having agents among the most wanted by the FBI was the FSB. [Read more…]

The GRU, Military Unit 44388, obtains and processes intelligence from multiple disciplines, including IMINT, SATINT and, of course OSINT, with information needs linked to the military, political, technological, economic and ecological/energy fields ([1]). It was already indicated in the article dedicated to the GRU, within the series on the Russian Cyberintelligence Community, that the Sixth Directorate of the GRU has historically had the SIGINT (COMINT and ELINT) attributions of the Service. An excellent description of these attributions can be found in [2]; in the image, the historical structure of the GRU:

The Sixth Directorate, which reports directly to the Service’s Deputy Director for Technical Affairs, was divided into four divisions [Read more…]