What Is The GRU & Who Does It Hack?

Both at home and abroad, the Russian abbreviation of the year has been “GRU”, the erstwhile but still commonly used initialism for the country’s Military Intelligence Directorate. 
 
The agency’s staff now stand accused of Hacking the Democratic National Committee computer network and trying to influence the 2016 US presidential election; hacking various anti-doping agencies and the International Court of Arbitration; and trying to hack the Organisation for the Prohibition of Chemical Weapons in the Netherlands. 
 
Additionally, in what has led to a new wave of Western sanctions against Russia, GRU agents are also accused of poisoning Sergey Skripal, a former GRU colonel who spied for the British, in Salisbury, England. 
 
“Alexander Petrov” and “Ruslan Boshirov”, the two individuals identified by London police who came to Salisbury to try to kill Skripal, are apparently cover names for the GRU agents Alexander Mishkin and Anatoly Chepiga. 
 
 Igor Korobov (pictured) was appointed by Vladimir Putin to serve as the director of the Military Intelligence Directorate and  has been reported as dying of natural causes on 21st November, aged 62. 
 
What is the GRU? What do the initials stand for?
Subordinate to the Defense Ministry, the GRU is Russia’s Main Intelligence Directorate, and technically speaking it doesn’t exist. In 2010, following major reforms to the army, Russia’s military intelligence agency was renamed “the Main Office of the General Staff of the Defense Ministry.” 
 
This change, however, hasn’t stopped anyone from referring to the organisation or its members as “the GRU”, an initialism that’s now used constantly by journalists and in official documents, including indictments by the US government and announcements by the Dutch authorities.
 
What’s the difference between the GRU and Russia’s Foreign Intelligence Service (SVR)?
What separates the GRU and SVR seems to be perceptible only to those inside the two agencies. In 2006, one SVR Lieutenant General explained that the SVR collects “political” intelligence, while the GRU collects “military” intelligence. The structure and activities of both agencies are classified as state secrets.
 
The defector Sergey Tretyakov revealed more than anyone about the SVR’s methods and training in a collection of interviews, published in 2008 as a book titled “Comrade J.: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War,” written by journalist Pete Earley. 
 
The grandson and son of KGB officers, Tretyakov spent his youth reading Ian Fleming novels and dreaming of becoming a spy. In the early 1980s, KGB recruiters invited him to participate in a student-exchange program to France, where he would collect intelligence about the newly elected president, François Mitterrand. When Tretyakov returned, he was sent to the “Forest School” not far from Medvedkovo in northeast Moscow, like other young intelligence workers.
 
In New York, Russian intelligence agents worked in the Manhattan building that housed Russia’s Permanent Mission to the UN. Ordinary diplomats used the lower five floors, while intelligence workers and cryptographers occupied the upper stories, the so-called “submarine” floors. The walls in this building were fitted with vibrating pipes that emitted white noise, and there was a total absence of telephones and Internet-connected computers. 
 
How does the GRU choose and train its staff? What is the “Conservatory”?
GRU officers train at the Defense Ministry’s Military Academy, at 50 Narodnoe Opolchenie Street in Moscow, not far from the region where you’ll find the GRU’s headquarters and the research institutes affiliated with Russia’s military intelligence. The academy is better known as “the Conservatory.”
 
Military intelligence agents, including cybersecurity specialists, also train at the Cherepovets Higher Military School of Radio Electronics. Another training grounds for GRU agents is the Alexander Mozhaysky Military Space Academy, where Alexey Morenets, the GRU agent recently accused of carrying out hacker attacks in the Netherlands, was a student. Academy instructors usually choose their new students by sending out recruiters to military units across the country, reviewing the records of young officers. They interview potential recruits at their homes and then invite the most promising candidates to Moscow for testing.
 
One test might ask them to repeat a phrase in an unfamiliar language, while another could show them dozens of mug shots and then ask candidates to recite each person’s name. There are also interviews with a review board, which might ask candidates about their favorite alcoholic beverages, their reasons for wanting to join Russia’s military intelligence, and even their attitudes about women.
 
Training lasts three years. The first year of instruction puts special emphasis on foreign languages, operating special-purpose machinery, area studies, encryption, decryption, and covert intelligence work. There are even classes in how to invent your own “legend” (backstory) and how to evade surveillance.
 
One of the most important assignments at the Conservatory is penetrating a high-security facility: the future spy must gain admittance legally, for example, by befriending someone who in turn gets him an entry permit. The website for the Main Office of the Russian Defense Ministry’s General Staff says broadly that its officers provide the country’s leadership with information meant to create conditions that are “conducive to the successful realisation of Russian state policy on defense and national security,” while also contributing to the state’s development. This language is lifted directly from Russia’s federal law on foreign intelligence gathering.
 
According to the law, Russian intelligence agencies can work confidentially with their informants, and take measures to “conceal their personnel.” Agencies are permitted to use both public and covert methods, but not in relation to Russian citizens, not on Russian territory, and not in cases where people are harmed.
 
The GRU does most of its intelligence gathering through “illegals”, deep-cover agents, who live in foreign states under false names. Additionally, separate identities can be created for agents who travel abroad to carry out special missions, which appears to be what happened with Chepiga and Mishkin.
 
Sometimes, undercover agents’ assignments can last decades. One GRU veteran recalled how his academy classmate was given a backstory and send to live in an Arab country for the next 24 years. He bought a kiosk in a market and opened a shoe-repair business, where he met with agents. There were often reports and dispatches hidden in the heels of the shoes brought to him.
 
Is the GRU responsible for Information War?
Disinformation has been one of the Military Intelligence Directorate’s main objectives since it was founded. From the beginning, KGB foreign intelligence (Department “A”) and the GRU have been responsible for Moscow’s “active measures.” 
The Disinformation Department grew out of the “Disinformburo,” which first appeared in 1923 with the objectives of creating false information and phony documents about domestic affairs in Russia, and “preparing the ground for the release of fake materials.”
 
Some of Russia’s greatest disinformation successes (described in detail in documents available at the Churchill Archives Center) include:
 
• In 1923, the Disinformburo published revelatory articles about Grand Duke Kirill Vladimirovich in newspapers in Bavaria, where he was living, three years before he proclaimed himself emperor in exile. The exposés led many Russian monarchists and German sponsors to abandon him.
 
• In the 1950s, Soviet military intelligence invented reports that the U.S. was using biological weapons in Korea, supposedly dropping bombs filled with insects and rats infected with cholera and the plague.
 
• In the 1960s, military spies spread false rumors about ties between the American intelligence community and the murder of President John F. Kennedy. Soviet agencies financed the work of Mark Lane, who popularized his conspiracy theories in several books. Moscow also fabricated documents and letters linking Lee Harvey Oswald to the CIA and FBI.
 
• Between 1972 and 1973, Soviet intelligence financed roughly 5,000 articles in Indian newspapers in support of then Prime Minister Indira Gandhi.
 
• In 1983, Soviet military intelligence spread rumors that Korean Air Lines Flight 007, shot down by the USSR on September 1, was a spy plane sent by the CIA.
 
• In the late 1980s, Soviet spies circulated false information that the AIDS epidemic was due to experiments at a secret military biological laboratory in the United States. Soviet military intelligence passed fabricated documents to a CIA officer, who later wrote about them in books.
 
• In the late 1980s, Soviet military intelligence promoted conspiracy theories that the 1978 Jonestown deaths were part of a CIA operation.
 
Leonid Shebarshin, one of the top officials in the Soviet intelligence community, said in 2003 that spies are able to find reporters at any newspaper who are willing to publish a needed story for the right price or amount of booze. In 2012, Shebarshin was found dead in his home, after he apparently shot himself. Twenty-one years earlier, the GRU’s supervisor for disinformation in the United States, Dmitry Lisovolik, died when he fell from the window of his apartment.
 
Since the fall of the USSR, the agencies and organisations involved in Russian military intelligence have apparently not abandoned the use of disinformation. 
 
Since 2016, American officials have accused Moscow of running a so-called “troll factory” in St. Petersburg to interfere in US elections by fielding “discourse saboteurs” who operate under phony identities to promote Donald Trump and oppose Hillary Clinton. In 2016, the group allegedly organised political events in the US, and spread viral and promoted content on social networks. 
 
Are the Hackers from the GRU, too?
The GRU is part of the Defense Ministry, and Meduza has written repeatedly about Moscow’s ongoing efforts to build up its cyber-forces, the so-called “research companies”. In 2014, the Russian Defense Ministry created its “information-operation troops” for action in “cyber-confrontations with potential adversaries.” 
 
Later, sources in the Defense Ministry explained that these new troops were meant to “disrupt the potential adversary’s information networks.” Recruiters reportedly went looking for “hackers who have had problems with the law.” According to an instructor at a Defense Ministry center that trains the new cyber-forces, students prepare for future conflicts by “developing cyber-attack algorithms.” In recent years, cyber-attacks on government agencies in multiple countries, Estonia, Georgia, Ukraine, Turkey, and the US, have coincided with escalations in tensions between Moscow and these states.
Additionally, many Russian hackers work at research institutes affiliated with the GRU.
 
Who’s in charge of the GRU?
The director of Russia’s military intelligence is appointed by the president, who controls and coordinates the activities of the entire intelligence community. In 2016, Putin appointed Igor Korobov to serve as the director of the Military Intelligence Directorate. It is not known who is likely to replace him following his recent death.
 
A career intelligence officer who started out in the 1980s, Korobov graduated from the “Conservatory” and went on to oversee Russia’s strategic intelligence gathering, including the management of all foreign stations. 
 
American officials added Korobov to their sanctions list in December 2016 for his “efforts to undermine democracy” by organising Hacker attacks. Nevertheless, Korobov and the directors of Russia’s Federal Security Service (FSB) and Foreign Intelligence Service (SVR) made an unprecedented trip to Washington in February 2018 to meet with members of the US intelligence community to discuss the war against terrorism.
 
Meduza
 
You Might Also Read: 
 
Russia Stands Accused Of Global Hacking Campaign:
 
Cyberattack Revelations Appear To Undercut Russia's UN Efforts:
 
An Intelligence Crisis In Moscow:
 
 
 
 
« The Search To Find Cyber Security Experts Of The Future
AI Is Revolutionising Digital Marketing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NPCore

NPCore

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions creates enterprise mobility and file sharing solutions for companies, teams and freelancers.

IT Career Switch

IT Career Switch

An IT Career Switch Traineeship is the easiest way to start a new career in IT or Cybersecurity with fantastic career prospects.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Cyberwatch Finland

Cyberwatch Finland

Cyberwatch Finland's services improve decision-makers’ strategic situational picture and enable successful holistic cyber risk management.

Emtec

Emtec

Emtec’s cyber security team provides advisory, assessment, & managed security services that help you build the cyber security policies, toolsets & best practices to elevate your cyber security posture

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

AgilePQ

AgilePQ

AgilePQ visibly secures IoT devices worldwide to protect the privacy, safety, and well-being of all people.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.