{"id":152,"date":"2019-04-02T09:53:54","date_gmt":"2019-04-02T07:53:54","guid":{"rendered":"https:\/\/192.168.10.2\/blog\/?p=152"},"modified":"2024-10-11T09:56:53","modified_gmt":"2024-10-11T07:56:53","slug":"cyber-gru-vii-structure-unit-26165","status":"publish","type":"post","link":"https:\/\/lab52.io\/blog\/cyber-gru-vii-structure-unit-26165\/","title":{"rendered":"(Cyber) GRU (VII): Structure. Unit 26165"},"content":{"rendered":"\n<p>Unit 26165 (<em>85th Special Service Center<\/em>) is located at number 20 of Komsomolskiy Prospekt. Military Unit 06410 (<em>152nd Training Center<\/em>),\n with Koval NIKOLAY NESTEROVICH in command, which was created on \n08\/27\/1943, is also at this same address. According to information available \nin public sources, such as articles or theses on military \neducation, psychology, etc., this second Unit is apparently not related to the cyber \nfield from a technical point of view.<\/p>\n\n\n\n<p>In the Soviet era, the GRU Service of Decryption, closely related to the \nSixth Directorate (SIGINT) but not dependent on it, was located at \nthe already mentioned number 20 of Komsomolskiy Avenue in Moscow. \nIn fact, that historical Service of Decryption is \napparently the very Unit 26165, created on May 23, 1953 according to \nopen sources. 
Apparently, there is public information that confirms its \nexistence at least in 1958, such as the medal commemorating the 60th \nanniversary of the Unit shown below:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"243\" height=\"188\" src=\"https:\/\/lab52.es\/blog\/wp-content\/uploads\/2019\/04\/gru1.png\" alt=\"\" class=\"wp-image-239\"\/><\/figure><\/div>\n\n\n\n<p>The attached \u201crationalization proposal\u201d also shows activity of this Unit in the 1970s:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"334\" height=\"502\" src=\"https:\/\/lab52.es\/blog\/wp-content\/uploads\/2019\/04\/gru2.jpg\" alt=\"\" class=\"wp-image-240\" srcset=\"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/gru2.jpg 334w, https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/gru2-200x300.jpg 200w\" sizes=\"(max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<p>In the former Soviet Union, a \u201cRationalization Proposal\u201d \nwas a technical idea that was innovative and useful for an \norganization because it involved a change in designs, technologies, \nmachinery, materials, etc. If the proposal was accepted after an \nevaluation, the author was given a certificate, such as the \none shown above, for intellectual property purposes.<\/p>\n\n\n\n<p>Until early 2018, the Unit was commanded by Colonel Viktor BORISOVICH\n NETYKSHO. Part of the information on military units is public in \nRussia. For instance, <a href=\"http:\/\/www.rusprofile.ru\/\">RusProfile<\/a>,\n a website that collects information on Russian legal entities and businessmen, \ngives access to open information about Unit \n26165, such as the founding date to which we have already \nreferred. 
According to this website, the Commander since January 2018 \nis Colonel Dmitry ALEXANDROVICH MIKHAILOV.<\/p>\n\n\n\n<p>Unit 26165 is in charge of the CNE (Computer Network Exploitation) and CNA (Computer Network Attack) activities related to the \nactions identified during 2018. It is a technical unit, devoted to attack \nand exploitation, which develops offensive tools and capabilities and \nalso executes operations using these same capabilities, through two \ndistinct groups:<br>\nOn the one hand, Robert Mueller\u2019s indictment identifies an \noperative group within Unit 26165, commanded by ANTONOV, which \nis in charge of executing the attacks (intrusion, persistence, etc.).<br>\nOn the other hand, there is a support and development group, commanded by \nMORGACHEV, which is responsible for providing infrastructure and tools \nto the former.<\/p>\n\n\n\n<p>The structure defined in the indictment is the following:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"491\" height=\"261\" src=\"https:\/\/lab52.es\/blog\/wp-content\/uploads\/2019\/04\/gru3.png\" alt=\"\" class=\"wp-image-241\" srcset=\"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/gru3.png 491w, https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/gru3-300x159.png 300w\" sizes=\"(max-width: 491px) 100vw, 491px\" \/><\/figure><\/div>\n\n\n\n<p><br>\nThe Dutch accusations add Aleksei SERGEYEVICH MORENETS and Evgenii \nMIKHAYLOVICH SEREBRIAKOV as members of the Unit. Both, together with \nagents of Unit 22177, were intercepted in The Hague. It wasn\u2019t \nestablished to which of the previous groups they belonged, although \napparently, given the type of activity they were carrying out, they would be \nunder the command of ANTONOV.<\/p>\n\n\n\n<p>With the information gathered during 2018, we can put a face \u2013 and \na name, and employment \u2026 \u2013 to alleged members of APT28. 
When various \nreports linked the compilation times of the malware to \nworking hours in Moscow and St. Petersburg, we could imagine MORGACHEV \nand his group, whereas when campaigns against different \nobjectives were identified, ANTONOV and his people came into play.<\/p>\n\n\n\n<p>Of course, the structure and identities described above are partial: Unit \n26165 is much more complex and extensive than what we saw in 2018.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unit 26165 (85th Special Service Center) is located at number 20 of Komsomolskiy Prospekt. Also, at this same address is the Military Unit 06410 (152nd Training Center) with Koval NIKOLAY NESTEROVICH in command, which was created on 08\/27\/1943. Apparently, this second Unit is not related to the cyber field from a technical point of view, [&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":290,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-152","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uncategorised","8":"entry"},"featured_image_src":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/computer-1591018_640-600x400.jpg","featured_image_src_square":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/computer-1591018_640-600x418.jpg","author_info":{"display_name":"BigBoss","author_link":"https:\/\/lab52.io\/blog\/author\/bigboss\/"},"_links":{"self":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/152"}],"collection":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/types\/po
st"}],"author":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/comments?post=152"}],"version-history":[{"count":4,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/152\/revisions"}],"predecessor-version":[{"id":323,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/152\/revisions\/323"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media\/290"}],"wp:attachment":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media?parent=152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/categories?post=152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/tags?post=152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}