What Is The GRU & Who Does It Hack?

Both at home and abroad, the Russian abbreviation of the year has been “GRU”, the erstwhile but still commonly used initialism for the country’s Military Intelligence Directorate. 
 
The agency’s staff now stand accused of Hacking the Democratic National Committee computer network and trying to influence the 2016 US presidential election; hacking various anti-doping agencies and the International Court of Arbitration; and trying to hack the Organisation for the Prohibition of Chemical Weapons in the Netherlands. 
 
Additionally, in what has led to a new wave of Western sanctions against Russia, GRU agents are also accused of poisoning Sergey Skripal, a former GRU colonel who spied for the British, in Salisbury, England. 
 
“Alexander Petrov” and “Ruslan Boshirov”, the two individuals identified by London police who came to Salisbury to try to kill Skripal, are apparently cover names for the GRU agents Alexander Mishkin and Anatoly Chepiga. 
 
 Igor Korobov (pictured) was appointed by Vladimir Putin to serve as the director of the Military Intelligence Directorate and  has been reported as dying of natural causes on 21st November, aged 62. 
 
What is the GRU? What do the initials stand for?
Subordinate to the Defense Ministry, the GRU is Russia’s Main Intelligence Directorate, and technically speaking it doesn’t exist. In 2010, following major reforms to the army, Russia’s military intelligence agency was renamed “the Main Office of the General Staff of the Defense Ministry.” 
 
This change, however, hasn’t stopped anyone from referring to the organisation or its members as “the GRU”, an initialism that’s now used constantly by journalists and in official documents, including indictments by the US government and announcements by the Dutch authorities.
 
What’s the difference between the GRU and Russia’s Foreign Intelligence Service (SVR)?
What separates the GRU and SVR seems to be perceptible only to those inside the two agencies. In 2006, one SVR Lieutenant General explained that the SVR collects “political” intelligence, while the GRU collects “military” intelligence. The structure and activities of both agencies are classified as state secrets.
 
The defector Sergey Tretyakov revealed more than anyone about the SVR’s methods and training in a collection of interviews, published in 2008 as a book titled “Comrade J.: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War,” written by journalist Pete Earley. 
 
The grandson and son of KGB officers, Tretyakov spent his youth reading Ian Fleming novels and dreaming of becoming a spy. In the early 1980s, KGB recruiters invited him to participate in a student-exchange program to France, where he would collect intelligence about the newly elected president, François Mitterrand. When Tretyakov returned, he was sent to the “Forest School” not far from Medvedkovo in northeast Moscow, like other young intelligence workers.
 
In New York, Russian intelligence agents worked in the Manhattan building that housed Russia’s Permanent Mission to the UN. Ordinary diplomats used the lower five floors, while intelligence workers and cryptographers occupied the upper stories, the so-called “submarine” floors. The walls in this building were fitted with vibrating pipes that emitted white noise, and there was a total absence of telephones and Internet-connected computers. 
 
How does the GRU choose and train its staff? What is the “Conservatory”?
GRU officers train at the Defense Ministry’s Military Academy, at 50 Narodnoe Opolchenie Street in Moscow, not far from the region where you’ll find the GRU’s headquarters and the research institutes affiliated with Russia’s military intelligence. The academy is better known as “the Conservatory.”
 
Military intelligence agents, including cybersecurity specialists, also train at the Cherepovets Higher Military School of Radio Electronics. Another training grounds for GRU agents is the Alexander Mozhaysky Military Space Academy, where Alexey Morenets, the GRU agent recently accused of carrying out hacker attacks in the Netherlands, was a student. Academy instructors usually choose their new students by sending out recruiters to military units across the country, reviewing the records of young officers. They interview potential recruits at their homes and then invite the most promising candidates to Moscow for testing.
 
One test might ask them to repeat a phrase in an unfamiliar language, while another could show them dozens of mug shots and then ask candidates to recite each person’s name. There are also interviews with a review board, which might ask candidates about their favorite alcoholic beverages, their reasons for wanting to join Russia’s military intelligence, and even their attitudes about women.
 
Training lasts three years. The first year of instruction puts special emphasis on foreign languages, operating special-purpose machinery, area studies, encryption, decryption, and covert intelligence work. There are even classes in how to invent your own “legend” (backstory) and how to evade surveillance.
 
One of the most important assignments at the Conservatory is penetrating a high-security facility: the future spy must gain admittance legally, for example, by befriending someone who in turn gets him an entry permit. The website for the Main Office of the Russian Defense Ministry’s General Staff says broadly that its officers provide the country’s leadership with information meant to create conditions that are “conducive to the successful realisation of Russian state policy on defense and national security,” while also contributing to the state’s development. This language is lifted directly from Russia’s federal law on foreign intelligence gathering.
 
According to the law, Russian intelligence agencies can work confidentially with their informants, and take measures to “conceal their personnel.” Agencies are permitted to use both public and covert methods, but not in relation to Russian citizens, not on Russian territory, and not in cases where people are harmed.
 
The GRU does most of its intelligence gathering through “illegals”, deep-cover agents, who live in foreign states under false names. Additionally, separate identities can be created for agents who travel abroad to carry out special missions, which appears to be what happened with Chepiga and Mishkin.
 
Sometimes, undercover agents’ assignments can last decades. One GRU veteran recalled how his academy classmate was given a backstory and send to live in an Arab country for the next 24 years. He bought a kiosk in a market and opened a shoe-repair business, where he met with agents. There were often reports and dispatches hidden in the heels of the shoes brought to him.
 
Is the GRU responsible for Information War?
Disinformation has been one of the Military Intelligence Directorate’s main objectives since it was founded. From the beginning, KGB foreign intelligence (Department “A”) and the GRU have been responsible for Moscow’s “active measures.” 
The Disinformation Department grew out of the “Disinformburo,” which first appeared in 1923 with the objectives of creating false information and phony documents about domestic affairs in Russia, and “preparing the ground for the release of fake materials.”
 
Some of Russia’s greatest disinformation successes (described in detail in documents available at the Churchill Archives Center) include:
 
• In 1923, the Disinformburo published revelatory articles about Grand Duke Kirill Vladimirovich in newspapers in Bavaria, where he was living, three years before he proclaimed himself emperor in exile. The exposés led many Russian monarchists and German sponsors to abandon him.
 
• In the 1950s, Soviet military intelligence invented reports that the U.S. was using biological weapons in Korea, supposedly dropping bombs filled with insects and rats infected with cholera and the plague.
 
• In the 1960s, military spies spread false rumors about ties between the American intelligence community and the murder of President John F. Kennedy. Soviet agencies financed the work of Mark Lane, who popularized his conspiracy theories in several books. Moscow also fabricated documents and letters linking Lee Harvey Oswald to the CIA and FBI.
 
• Between 1972 and 1973, Soviet intelligence financed roughly 5,000 articles in Indian newspapers in support of then Prime Minister Indira Gandhi.
 
• In 1983, Soviet military intelligence spread rumors that Korean Air Lines Flight 007, shot down by the USSR on September 1, was a spy plane sent by the CIA.
 
• In the late 1980s, Soviet spies circulated false information that the AIDS epidemic was due to experiments at a secret military biological laboratory in the United States. Soviet military intelligence passed fabricated documents to a CIA officer, who later wrote about them in books.
 
• In the late 1980s, Soviet military intelligence promoted conspiracy theories that the 1978 Jonestown deaths were part of a CIA operation.
 
Leonid Shebarshin, one of the top officials in the Soviet intelligence community, said in 2003 that spies are able to find reporters at any newspaper who are willing to publish a needed story for the right price or amount of booze. In 2012, Shebarshin was found dead in his home, after he apparently shot himself. Twenty-one years earlier, the GRU’s supervisor for disinformation in the United States, Dmitry Lisovolik, died when he fell from the window of his apartment.
 
Since the fall of the USSR, the agencies and organisations involved in Russian military intelligence have apparently not abandoned the use of disinformation. 
 
Since 2016, American officials have accused Moscow of running a so-called “troll factory” in St. Petersburg to interfere in US elections by fielding “discourse saboteurs” who operate under phony identities to promote Donald Trump and oppose Hillary Clinton. In 2016, the group allegedly organised political events in the US, and spread viral and promoted content on social networks. 
 
Are the Hackers from the GRU, too?
The GRU is part of the Defense Ministry, and Meduza has written repeatedly about Moscow’s ongoing efforts to build up its cyber-forces, the so-called “research companies”. In 2014, the Russian Defense Ministry created its “information-operation troops” for action in “cyber-confrontations with potential adversaries.” 
 
Later, sources in the Defense Ministry explained that these new troops were meant to “disrupt the potential adversary’s information networks.” Recruiters reportedly went looking for “hackers who have had problems with the law.” According to an instructor at a Defense Ministry center that trains the new cyber-forces, students prepare for future conflicts by “developing cyber-attack algorithms.” In recent years, cyber-attacks on government agencies in multiple countries, Estonia, Georgia, Ukraine, Turkey, and the US, have coincided with escalations in tensions between Moscow and these states.
Additionally, many Russian hackers work at research institutes affiliated with the GRU.
 
Who’s in charge of the GRU?
The director of Russia’s military intelligence is appointed by the president, who controls and coordinates the activities of the entire intelligence community. In 2016, Putin appointed Igor Korobov to serve as the director of the Military Intelligence Directorate. It is not known who is likely to replace him following his recent death.
 
A career intelligence officer who started out in the 1980s, Korobov graduated from the “Conservatory” and went on to oversee Russia’s strategic intelligence gathering, including the management of all foreign stations. 
 
American officials added Korobov to their sanctions list in December 2016 for his “efforts to undermine democracy” by organising Hacker attacks. Nevertheless, Korobov and the directors of Russia’s Federal Security Service (FSB) and Foreign Intelligence Service (SVR) made an unprecedented trip to Washington in February 2018 to meet with members of the US intelligence community to discuss the war against terrorism.
 
Meduza
 
You Might Also Read: 
 
Russia Stands Accused Of Global Hacking Campaign:
 
Cyberattack Revelations Appear To Undercut Russia's UN Efforts:
 
An Intelligence Crisis In Moscow:
 
 
 
 
« The Search To Find Cyber Security Experts Of The Future
AI Is Revolutionising Digital Marketing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Site24x7

Site24x7

Site24x7 is an all-in-one performance monitoring solution for Networks, Websites, Servers and Applications.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

Cybersecurity Collaborative

Cybersecurity Collaborative

CyberSecurity Collaborative is a forum for CISOs to share information that will collectively make us stronger, and better equipped to protect our enterprises from those seeking to damage them.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Security Innovation Network (SINET)

Security Innovation Network (SINET)

SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration.

ITsMine

ITsMine

ITsMine’s Beyond DLP™? solution is a leading Data Loss Prevention (DLP) solution used by organizations to protect against internal and external threats automatically.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Lantaca

Lantaca

Lantaca specialize in cloud-based security solutions for modern networks.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.