What Is The GRU & Who Does It Hack?

Both at home and abroad, the Russian abbreviation of the year has been “GRU”, the erstwhile but still commonly used initialism for the country’s Military Intelligence Directorate. 
 
The agency’s staff now stand accused of Hacking the Democratic National Committee computer network and trying to influence the 2016 US presidential election; hacking various anti-doping agencies and the International Court of Arbitration; and trying to hack the Organisation for the Prohibition of Chemical Weapons in the Netherlands. 
 
Additionally, in what has led to a new wave of Western sanctions against Russia, GRU agents are also accused of poisoning Sergey Skripal, a former GRU colonel who spied for the British, in Salisbury, England. 
 
“Alexander Petrov” and “Ruslan Boshirov”, the two individuals identified by London police who came to Salisbury to try to kill Skripal, are apparently cover names for the GRU agents Alexander Mishkin and Anatoly Chepiga. 
 
 Igor Korobov (pictured) was appointed by Vladimir Putin to serve as the director of the Military Intelligence Directorate and  has been reported as dying of natural causes on 21st November, aged 62. 
 
What is the GRU? What do the initials stand for?
Subordinate to the Defense Ministry, the GRU is Russia’s Main Intelligence Directorate, and technically speaking it doesn’t exist. In 2010, following major reforms to the army, Russia’s military intelligence agency was renamed “the Main Office of the General Staff of the Defense Ministry.” 
 
This change, however, hasn’t stopped anyone from referring to the organisation or its members as “the GRU”, an initialism that’s now used constantly by journalists and in official documents, including indictments by the US government and announcements by the Dutch authorities.
 
What’s the difference between the GRU and Russia’s Foreign Intelligence Service (SVR)?
What separates the GRU and SVR seems to be perceptible only to those inside the two agencies. In 2006, one SVR Lieutenant General explained that the SVR collects “political” intelligence, while the GRU collects “military” intelligence. The structure and activities of both agencies are classified as state secrets.
 
The defector Sergey Tretyakov revealed more than anyone about the SVR’s methods and training in a collection of interviews, published in 2008 as a book titled “Comrade J.: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War,” written by journalist Pete Earley. 
 
The grandson and son of KGB officers, Tretyakov spent his youth reading Ian Fleming novels and dreaming of becoming a spy. In the early 1980s, KGB recruiters invited him to participate in a student-exchange program to France, where he would collect intelligence about the newly elected president, François Mitterrand. When Tretyakov returned, he was sent to the “Forest School” not far from Medvedkovo in northeast Moscow, like other young intelligence workers.
 
In New York, Russian intelligence agents worked in the Manhattan building that housed Russia’s Permanent Mission to the UN. Ordinary diplomats used the lower five floors, while intelligence workers and cryptographers occupied the upper stories, the so-called “submarine” floors. The walls in this building were fitted with vibrating pipes that emitted white noise, and there was a total absence of telephones and Internet-connected computers. 
 
How does the GRU choose and train its staff? What is the “Conservatory”?
GRU officers train at the Defense Ministry’s Military Academy, at 50 Narodnoe Opolchenie Street in Moscow, not far from the region where you’ll find the GRU’s headquarters and the research institutes affiliated with Russia’s military intelligence. The academy is better known as “the Conservatory.”
 
Military intelligence agents, including cybersecurity specialists, also train at the Cherepovets Higher Military School of Radio Electronics. Another training grounds for GRU agents is the Alexander Mozhaysky Military Space Academy, where Alexey Morenets, the GRU agent recently accused of carrying out hacker attacks in the Netherlands, was a student. Academy instructors usually choose their new students by sending out recruiters to military units across the country, reviewing the records of young officers. They interview potential recruits at their homes and then invite the most promising candidates to Moscow for testing.
 
One test might ask them to repeat a phrase in an unfamiliar language, while another could show them dozens of mug shots and then ask candidates to recite each person’s name. There are also interviews with a review board, which might ask candidates about their favorite alcoholic beverages, their reasons for wanting to join Russia’s military intelligence, and even their attitudes about women.
 
Training lasts three years. The first year of instruction puts special emphasis on foreign languages, operating special-purpose machinery, area studies, encryption, decryption, and covert intelligence work. There are even classes in how to invent your own “legend” (backstory) and how to evade surveillance.
 
One of the most important assignments at the Conservatory is penetrating a high-security facility: the future spy must gain admittance legally, for example, by befriending someone who in turn gets him an entry permit. The website for the Main Office of the Russian Defense Ministry’s General Staff says broadly that its officers provide the country’s leadership with information meant to create conditions that are “conducive to the successful realisation of Russian state policy on defense and national security,” while also contributing to the state’s development. This language is lifted directly from Russia’s federal law on foreign intelligence gathering.
 
According to the law, Russian intelligence agencies can work confidentially with their informants, and take measures to “conceal their personnel.” Agencies are permitted to use both public and covert methods, but not in relation to Russian citizens, not on Russian territory, and not in cases where people are harmed.
 
The GRU does most of its intelligence gathering through “illegals”, deep-cover agents, who live in foreign states under false names. Additionally, separate identities can be created for agents who travel abroad to carry out special missions, which appears to be what happened with Chepiga and Mishkin.
 
Sometimes, undercover agents’ assignments can last decades. One GRU veteran recalled how his academy classmate was given a backstory and send to live in an Arab country for the next 24 years. He bought a kiosk in a market and opened a shoe-repair business, where he met with agents. There were often reports and dispatches hidden in the heels of the shoes brought to him.
 
Is the GRU responsible for Information War?
Disinformation has been one of the Military Intelligence Directorate’s main objectives since it was founded. From the beginning, KGB foreign intelligence (Department “A”) and the GRU have been responsible for Moscow’s “active measures.” 
The Disinformation Department grew out of the “Disinformburo,” which first appeared in 1923 with the objectives of creating false information and phony documents about domestic affairs in Russia, and “preparing the ground for the release of fake materials.”
 
Some of Russia’s greatest disinformation successes (described in detail in documents available at the Churchill Archives Center) include:
 
• In 1923, the Disinformburo published revelatory articles about Grand Duke Kirill Vladimirovich in newspapers in Bavaria, where he was living, three years before he proclaimed himself emperor in exile. The exposés led many Russian monarchists and German sponsors to abandon him.
 
• In the 1950s, Soviet military intelligence invented reports that the U.S. was using biological weapons in Korea, supposedly dropping bombs filled with insects and rats infected with cholera and the plague.
 
• In the 1960s, military spies spread false rumors about ties between the American intelligence community and the murder of President John F. Kennedy. Soviet agencies financed the work of Mark Lane, who popularized his conspiracy theories in several books. Moscow also fabricated documents and letters linking Lee Harvey Oswald to the CIA and FBI.
 
• Between 1972 and 1973, Soviet intelligence financed roughly 5,000 articles in Indian newspapers in support of then Prime Minister Indira Gandhi.
 
• In 1983, Soviet military intelligence spread rumors that Korean Air Lines Flight 007, shot down by the USSR on September 1, was a spy plane sent by the CIA.
 
• In the late 1980s, Soviet spies circulated false information that the AIDS epidemic was due to experiments at a secret military biological laboratory in the United States. Soviet military intelligence passed fabricated documents to a CIA officer, who later wrote about them in books.
 
• In the late 1980s, Soviet military intelligence promoted conspiracy theories that the 1978 Jonestown deaths were part of a CIA operation.
 
Leonid Shebarshin, one of the top officials in the Soviet intelligence community, said in 2003 that spies are able to find reporters at any newspaper who are willing to publish a needed story for the right price or amount of booze. In 2012, Shebarshin was found dead in his home, after he apparently shot himself. Twenty-one years earlier, the GRU’s supervisor for disinformation in the United States, Dmitry Lisovolik, died when he fell from the window of his apartment.
 
Since the fall of the USSR, the agencies and organisations involved in Russian military intelligence have apparently not abandoned the use of disinformation. 
 
Since 2016, American officials have accused Moscow of running a so-called “troll factory” in St. Petersburg to interfere in US elections by fielding “discourse saboteurs” who operate under phony identities to promote Donald Trump and oppose Hillary Clinton. In 2016, the group allegedly organised political events in the US, and spread viral and promoted content on social networks. 
 
Are the Hackers from the GRU, too?
The GRU is part of the Defense Ministry, and Meduza has written repeatedly about Moscow’s ongoing efforts to build up its cyber-forces, the so-called “research companies”. In 2014, the Russian Defense Ministry created its “information-operation troops” for action in “cyber-confrontations with potential adversaries.” 
 
Later, sources in the Defense Ministry explained that these new troops were meant to “disrupt the potential adversary’s information networks.” Recruiters reportedly went looking for “hackers who have had problems with the law.” According to an instructor at a Defense Ministry center that trains the new cyber-forces, students prepare for future conflicts by “developing cyber-attack algorithms.” In recent years, cyber-attacks on government agencies in multiple countries, Estonia, Georgia, Ukraine, Turkey, and the US, have coincided with escalations in tensions between Moscow and these states.
Additionally, many Russian hackers work at research institutes affiliated with the GRU.
 
Who’s in charge of the GRU?
The director of Russia’s military intelligence is appointed by the president, who controls and coordinates the activities of the entire intelligence community. In 2016, Putin appointed Igor Korobov to serve as the director of the Military Intelligence Directorate. It is not known who is likely to replace him following his recent death.
 
A career intelligence officer who started out in the 1980s, Korobov graduated from the “Conservatory” and went on to oversee Russia’s strategic intelligence gathering, including the management of all foreign stations. 
 
American officials added Korobov to their sanctions list in December 2016 for his “efforts to undermine democracy” by organising Hacker attacks. Nevertheless, Korobov and the directors of Russia’s Federal Security Service (FSB) and Foreign Intelligence Service (SVR) made an unprecedented trip to Washington in February 2018 to meet with members of the US intelligence community to discuss the war against terrorism.
 
Meduza
 
You Might Also Read: 
 
Russia Stands Accused Of Global Hacking Campaign:
 
Cyberattack Revelations Appear To Undercut Russia's UN Efforts:
 
An Intelligence Crisis In Moscow:
 
 
 
 
« The Search To Find Cyber Security Experts Of The Future
AI Is Revolutionising Digital Marketing »

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Need to Evolve to a Risk-Based Vulnerability Management Strategy but Don’t Know How? This Guide Will Show You.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity brings together people, process, and technology through a “software defined” unified security management platform.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners provides highly regulated industries with IT security and risk management advisory services.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

P-X Systems

P-X Systems

P-X Systems have developed cyber sensor to monitor an entire infrastructure without having to adapt that infrastructure to make the cybersecurity tool work.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Stratosphere Networks

Stratosphere Networks

Stratosphere Networks offer managed cybersecurity services rooted in Managed Detection and Response and Security Operations Center services that our team can tailor to meet your needs.

TechDemocracy

TechDemocracy

TechDemocracy are a trusted, global cyber risk assurance solutions provider whose DNA is rooted in cyber advisory, managed and implementation services.