![\"\"](\"https:\/\/lab52.es\/blog\/wp-content\/uploads\/2019\/04\/dump_1-1.gif\")
<\/figure><\/div>\n\n\n\nSearch poster published by the FBI (July 2018) <\/em><\/p>\n\n\n\n U.S. intelligence had publicly pointed out to its Russian \ncounterparts of interference in the 2016 electoral process ([2]), even \nlinking the GRU to direct attacks and to the publication of exfiltrated \ninformation. However, the DoJ document goes into detail and identifies \ntwo units of the GRU -26165 and 74455- as directly responsible for \nactivities in the cyber field aimed at interfering in said elections, \nmarking unit 26165 as the direct operative (attacks against relevant \nactors, for example via spear phishing, document stealing, etc.) and \nunit 74455 as a significant actor in associated disinformation \noperations, such as the dissemination of documents or emails or the \nhandling of Guccifer 2.0 sockpuppet. The accused by the DoJ are twelve \nRussian intelligence officers, nine belonging to unit 26165 and three \nbelonging to unit 74455, as summarized in the following table:<\/p>\n\n\n\n The personnel of unit 26165, located at number 20 of Komsomolskiy \nProspekt, and of unit 74455, located at number 22 of Kirova Street, in \nthe Khimki district, in both cases in Moscow; details of each of these \nunits are also given: they are commanded by a Colonel, they have \ndifferent departments with specific tasks (malware development, zombie \noperation\u2026) The DoJ indictment also describes the TTPs of the attackers \nwith a amazing level of detail, as well as dates of actions as specific \nas the X-Agent implant in a victim or the name of the person performing \nsuch action, within the framework of GRU operations against the DCCC \n(Democratic Congressional Campaign Committee) and the DNC (Democratic \nNational Committee). It also analyzes with the same level of detail the \nefforts of the hostile actor to persist in the victim or the handling of\n stolen information and its diffusion through the framework DCLeaks \n(sockpuppet, website, social networks\u2026) and Guccifer 2.0., As well as \nthe relationship between both.<\/p>\n\n\n\n As we have said, at all times, both in the technical area of \nintrusion and persistence and in the less technical area of the use of \nstolen information, the level of detail provided by the DoJ is \nimpressive; without going into whether this level is usual in DoJ \naccusations relating to National Security \u2013 I have no criterion \u2013 \ncertainly from an intelligence point of view, giving so much information\n of knowledge about an adversary is neither usual nor good \u2026 There are \nalso, especially in October, as we will see later, unusual levels of \ndetail in public sources about tactics, techniques, identities \u2026 of GRU \nagents and their operations. We will see, at the end of the work, some \nquestions that we ask ourselves regarding the reason for this level of \ndetail \u2013 and its possible answers.<\/p>\n\n\n\n References<\/strong><\/p>\n\n\n\n\nUnit<\/strong><\/td> \nName<\/strong><\/td> \nJob<\/strong><\/td> \nPosition<\/strong><\/td> \nAliases<\/strong><\/td> \nAccusations<\/strong><\/td><\/tr> \n26165<\/strong><\/td> \nViktor BORISOVICH NETYKSHO<\/td> \nCoronel<\/td> \nUnit Head<\/td> \nIntrusion in DCCC y DNC<\/td><\/tr> \n26165<\/strong><\/td> \nBoris ALEKSEYEVICH ANTONOV<\/td> \nCommander<\/td> \nDepartment Head<\/td> \nIntrusion<\/td><\/tr> \n26165<\/strong><\/td> \nDmitriy SERGEYEVICH BADIN<\/td> \nAssistant Department Head<\/td><\/tr> \n26165<\/strong><\/td> \nIvan SERGEYEVICH YERMAKOV<\/td> \nKate S. Milton
\nJames McMorgans
\nKaren W. Millen<\/td><\/tr>\n26165<\/strong><\/td> \nAleksey VIKTOROVICH LUKASHEV<\/td> \nLieutenant<\/td> \nDen Katenberg
\nYuliana Martynova<\/td><\/tr>\n26165<\/strong><\/td> \nSergey ALEKSANDROVICH MORGACHEV<\/td> \nLieutenant Colonel<\/td> \nDepartment Head<\/td> \nMalware development<\/td><\/tr> \n26165<\/strong><\/td> \nNikolay YURYEVICH KOZACHEK<\/td> \nCapit\u00e1n<\/td> \nKazak
\nblablabla1234565<\/td>\nMalware development<\/td><\/tr> \n26165<\/strong><\/td> \nPavel VYACHESLAVOVICH YERSHOV<\/td> \nSupport for malware development<\/td><\/tr> \n26165<\/strong><\/td> \nArtem ANDREYEVICH MALYSHEV<\/td> \nLieutenant<\/td> \ndjangomagicdev
\nrealblatr<\/td>\nMalware operation<\/td><\/tr> \n74455<\/strong><\/td> \nAleksandr VLADIMIROVICH OSADCHUK<\/td> \nColonel<\/td> \nUnit Head<\/td> \nPublication of stolen information<\/td><\/tr> \n74455<\/strong><\/td> \nAleksey ALEKSANDROVICH POTEMKIN<\/td> \nDeparment Head<\/td> \nInfraestructure and Identity Management<\/td><\/tr> \n74455<\/strong><\/td> \nAnatoliy SERGEYEVICH KOVALEV<\/td><\/tr><\/tbody><\/table>\n\n\n\n