{"id":140,"date":"2019-04-02T09:50:43","date_gmt":"2019-04-02T07:50:43","guid":{"rendered":"https:\/\/192.168.10.2\/blog\/?p=140"},"modified":"2024-10-11T09:57:21","modified_gmt":"2024-10-11T07:57:21","slug":"cyber-gru-i-introduction","status":"publish","type":"post","link":"https:\/\/lab52.io\/blog\/cyber-gru-i-introduction\/","title":{"rendered":"(Cyber) GRU (I): Introduction"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" decoding=\"async\" width=\"220\" height=\"237\" src=\"https:\/\/lab52.es\/blog\/wp-content\/uploads\/2019\/04\/220px-Emblem_of_the_GRU.svg_.png\" alt=\"\" class=\"wp-image-252\"\/><\/figure><\/div>\n\n\n\n<p>As we already mentioned in the <a href=\"https:\/\/www.securityartwork.es\/2017\/05\/10\/the-russian-icc-viii-gru\/\">post<\/a>\n about it, within the series on the Russian Cyberintelligence Community,\n the GRU (GU) is the most opaque of the Russian services, maintaining \nalmost intact its Soviet heritage against the \u201cwesternized\u201d FSB or SVR: \nin fact, the structure and operation of the Service have not been \nespecially well known, with [1] being the main reference until rather \nrecently. Beyond specific data on operations without a clear \nattribution, or the identities of its Director and Deputy Directors \u2013 no \nsecret \u2013, little or nothing was known about the Service. 
However, and \ncertainly very much in spite of the GRU, in 2018 there have been \u2013 up to now \u2013\n three events that give a radical turn to this opacity:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>On July 13<\/strong>, the US Department of Justice released a\n document detailing the alleged involvement of the GRU in the \ninterference operations during the 2016 US presidential elections.<\/li><li>As if this were not enough, on <strong>March 4<\/strong>, Sergey \nSkripal and his daughter Yulia were poisoned in Salisbury (UK); on \nSeptember 5, Theresa May herself formally accused ([2]) two alleged \nmembers of the GRU of said action, in a statement that ends up talking \nabout Litvinenko and the downing of MH17 and that includes a \nmeaningful phrase: \u201cIt was almost certainly also approved outside the \nGRU at a senior level of the Russian state.\u201d<\/li><li>To end the service\u2019s annus horribilis, on <strong>October 4<\/strong>\n the British NCSC publicly accused the GRU of cyber-espionage activities\n against the World Anti-Doping Agency (WADA) or against the DNC, among \nother objectives [3]; also, with \u201chigh confidence\u201d, which means what it \nmeans \u2026 while, almost in parallel, the Dutch MIVD accused the GRU ([4]) \nof attacking, in addition to different British official bodies, the OPCW\n (Organization for the Prohibition of Chemical Weapons) \u2013 which \ncoincidentally investigated the Skripal poisoning \u2013 in April; they cited\n the service\u2019s Unit 26165 and identified it directly with APT28. The US \nDoJ is not far behind in the accusations against the GRU, as we will \nsee, and the Canadian government also points to these official \naccusations. 
In short, four \u201cWestern\u201d countries \u2013 which also receive \npublic support from Australian and New Zealand partners, thus completing\n the Five Eyes \u2013 accuse the GRU of cyber-espionage.<\/li><\/ul>\n\n\n\n<p>Undoubtedly, the GRU must not have liked this prominence at all, \nsince it has taken the Service to the front pages of general newspapers \naround the world; so much so that on November 22 the death of General \nIgor KOROBOV, the commander of the GRU, was announced after a \u201clong and \nserious illness\u201d (perhaps aggravated, but not caused, by some reprimand \nfrom higher authorities for all the errors committed). Initially, General \nSergey ALEKSANDROVICH GIZUNOV, Deputy Director of the GRU and a trusted \nassociate of President Putin, was spoken of as a possible successor as \nhead of the Service, but that same day Vice Admiral Igor KOSTYUKOV, \nuntil then First Deputy Director, assumed the functions of Director. \nGeneral GIZUNOV, in addition to being Deputy Director of the GRU, holds a\n doctorate in Technical Sciences, possibly computer science or \nmathematics, and comes from the service\u2019s SIGINT apparatus ([5]); he was\n in fact the Head of Unit 26165 a few years ago. After the death of Igor\n SERGUN, former Director of the GRU, in January 2016, his name was \nalready being floated among the successor candidates (GIZUNOV was already \nDeputy Director), although KOROBOV was finally chosen: perhaps the GRU \nconsidered SIGINT as a purely operational aspect, supporting the \nstrategy of the service and global intelligence. 
In 2018, after the \ndeath of KOROBOV, perhaps it still thinks the same\u2026 or maybe not.<\/p>\n\n\n\n<p>In view of what has happened this year, in 2018 the GRU has gone from\n being considered by many analysts as one of the best services in the \nworld to seeing sensitive data about its operations, its officers, its \ninterests and capabilities published\u2026 data which also reveal OPSEC \nmeasures that are more than poor in its actions. Being the elite of \nRussian intelligence, the GRU has spent a few months as the focus of \ncriticism from the Kremlin, the political opposition and the other \nRussian intelligence services.<\/p>\n\n\n\n<p>In the present series we are going to deal with these events, which in \nrecent months have turned around the perception that many analysts had \nof the GRU, in order to determine what new information \nrelated to structures, people, objectives, tactics, techniques\u2026 they have \ncontributed, directly or indirectly, to all of us who are interested in \nknowing the cyber environment of Russian services, especially military \nintelligence.<\/p>\n\n\n\n<p><strong>References<\/strong><br><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>[1] Viktor Suvorov. <em>Inside Soviet Military Intelligence<\/em>. MacMillan Publishing Company, 1984.<\/li><li>[2] UK. <a href=\"https:\/\/www.gov.uk\/government\/speeches\/pm-statement-on-the-salisbury-investigation-5-september-2018\">https:\/\/www.gov.uk\/government\/speeches\/pm-statement-on-the-salisbury-investigation-5-september-2018<\/a><\/li><li>[3] NCSC. <a href=\"https:\/\/www.ncsc.gov.uk\/news\/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed\">https:\/\/www.ncsc.gov.uk\/news\/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed<\/a><\/li><li>[4] MIVD. 
<a href=\"https:\/\/www.government.nl\/latest\/news\/2018\/10\/04\/netherlands-defence-intelligence-and-security-service-disrupts-russian-cyber-operation-targeting-opcw\">https:\/\/www.government.nl\/latest\/news\/2018\/10\/04\/netherlands-defence-intelligence-and-security-service-disrupts-russian-cyber-operation-targeting-opcw<\/a><\/li><li>[5] Russian Defense Policy. <em>Still Awaiting New GRU&nbsp;Chief<\/em>. January 2016. <a href=\"https:\/\/russiandefpolicy.blog\/2016\/01\/23\/still-awaiting-new-gru-chief\/\">https:\/\/russiandefpolicy.blog\/2016\/01\/23\/still-awaiting-new-gru-chief\/<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>As we already mentioned in the post about it, within the series on the Russian Cyberintelligence Community, the GRU (GU) is the most opaque of the Russian services, maintaining almost intact its Soviet heritage against the \u201cwesternized\u201d FSB or SVR: in fact, the structure and operation of the Service has not been especially well known, 
[&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":252,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-140","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uncategorised","8":"entry"},"featured_image_src":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/220px-Emblem_of_the_GRU.svg_.png","featured_image_src_square":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/220px-Emblem_of_the_GRU.svg_.png","author_info":{"display_name":"BigBoss","author_link":"https:\/\/lab52.io\/blog\/author\/bigboss\/"},"_links":{"self":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/140"}],"collection":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/comments?post=140"}],"version-history":[{"count":6,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/140\/revisions"}],"predecessor-version":[{"id":328,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/140\/revisions\/328"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media\/252"}],"wp:attachment":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media?parent=140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/categories?post=140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/tag
s?post=140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}