What Is The GRU & Who Does It Hack?

Both at home and abroad, the Russian abbreviation of the year has been “GRU”, the erstwhile but still commonly used initialism for the country’s Military Intelligence Directorate. 
 
The agency’s staff now stand accused of hacking the Democratic National Committee computer network and trying to influence the 2016 US presidential election; hacking various anti-doping agencies and the International Court of Arbitration; and trying to hack the Organisation for the Prohibition of Chemical Weapons in the Netherlands.
 
Additionally, in what has led to a new wave of Western sanctions against Russia, GRU agents are also accused of poisoning Sergey Skripal, a former GRU colonel who spied for the British, in Salisbury, England. 
 
“Alexander Petrov” and “Ruslan Boshirov”, the two individuals identified by London police who came to Salisbury to try to kill Skripal, are apparently cover names for the GRU agents Alexander Mishkin and Anatoly Chepiga. 
 
Igor Korobov was appointed by Vladimir Putin to serve as the director of the Military Intelligence Directorate and has been reported as dying of natural causes on 21st November, aged 62.
 
What is the GRU? What do the initials stand for?
Subordinate to the Defense Ministry, the GRU is Russia’s Main Intelligence Directorate, and technically speaking it doesn’t exist. In 2010, following major reforms to the army, Russia’s military intelligence agency was renamed “the Main Office of the General Staff of the Defense Ministry.” 
 
This change, however, hasn’t stopped anyone from referring to the organisation or its members as “the GRU”, an initialism that’s now used constantly by journalists and in official documents, including indictments by the US government and announcements by the Dutch authorities.
 
What’s the difference between the GRU and Russia’s Foreign Intelligence Service (SVR)?
What separates the GRU and SVR seems to be perceptible only to those inside the two agencies. In 2006, one SVR Lieutenant General explained that the SVR collects “political” intelligence, while the GRU collects “military” intelligence. The structure and activities of both agencies are classified as state secrets.
 
The defector Sergey Tretyakov revealed more than anyone about the SVR’s methods and training in a collection of interviews, published in 2008 as a book titled “Comrade J.: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War,” written by journalist Pete Earley. 
 
The grandson and son of KGB officers, Tretyakov spent his youth reading Ian Fleming novels and dreaming of becoming a spy. In the early 1980s, KGB recruiters invited him to participate in a student-exchange program to France, where he would collect intelligence about the newly elected president, François Mitterrand. When Tretyakov returned, he was sent to the “Forest School” not far from Medvedkovo in northeast Moscow, like other young intelligence workers.
 
In New York, Russian intelligence agents worked in the Manhattan building that housed Russia’s Permanent Mission to the UN. Ordinary diplomats used the lower five floors, while intelligence workers and cryptographers occupied the upper stories, the so-called “submarine” floors. The walls in this building were fitted with vibrating pipes that emitted white noise, and there was a total absence of telephones and Internet-connected computers. 
 
How does the GRU choose and train its staff? What is the “Conservatory”?
GRU officers train at the Defense Ministry’s Military Academy, at 50 Narodnoe Opolchenie Street in Moscow, not far from the region where you’ll find the GRU’s headquarters and the research institutes affiliated with Russia’s military intelligence. The academy is better known as “the Conservatory.”
 
Military intelligence agents, including cybersecurity specialists, also train at the Cherepovets Higher Military School of Radio Electronics. Another training ground for GRU agents is the Alexander Mozhaysky Military Space Academy, where Alexey Morenets, the GRU agent recently accused of carrying out hacker attacks in the Netherlands, was a student. Academy instructors usually choose their new students by sending out recruiters to military units across the country, reviewing the records of young officers. They interview potential recruits at their homes and then invite the most promising candidates to Moscow for testing.
 
One test might ask them to repeat a phrase in an unfamiliar language, while another could show them dozens of mug shots and then ask candidates to recite each person’s name. There are also interviews with a review board, which might ask candidates about their favorite alcoholic beverages, their reasons for wanting to join Russia’s military intelligence, and even their attitudes about women.
 
Training lasts three years. The first year of instruction puts special emphasis on foreign languages, operating special-purpose machinery, area studies, encryption, decryption, and covert intelligence work. There are even classes in how to invent your own “legend” (backstory) and how to evade surveillance.
 
One of the most important assignments at the Conservatory is penetrating a high-security facility: the future spy must gain admittance legally, for example, by befriending someone who in turn gets him an entry permit. The website for the Main Office of the Russian Defense Ministry’s General Staff says broadly that its officers provide the country’s leadership with information meant to create conditions that are “conducive to the successful realisation of Russian state policy on defense and national security,” while also contributing to the state’s development. This language is lifted directly from Russia’s federal law on foreign intelligence gathering.
 
According to the law, Russian intelligence agencies can work confidentially with their informants, and take measures to “conceal their personnel.” Agencies are permitted to use both public and covert methods, but not in relation to Russian citizens, not on Russian territory, and not in cases where people are harmed.
 
The GRU does most of its intelligence gathering through “illegals”, deep-cover agents, who live in foreign states under false names. Additionally, separate identities can be created for agents who travel abroad to carry out special missions, which appears to be what happened with Chepiga and Mishkin.
 
Sometimes, undercover agents’ assignments can last decades. One GRU veteran recalled how his academy classmate was given a backstory and sent to live in an Arab country for the next 24 years. He bought a kiosk in a market and opened a shoe-repair business, where he met with agents. There were often reports and dispatches hidden in the heels of the shoes brought to him.
 
Is the GRU responsible for Information War?
Disinformation has been one of the Military Intelligence Directorate’s main objectives since it was founded. From the beginning, KGB foreign intelligence (Department “A”) and the GRU have been responsible for Moscow’s “active measures.” 
The Disinformation Department grew out of the “Disinformburo,” which first appeared in 1923 with the objectives of creating false information and phony documents about domestic affairs in Russia, and “preparing the ground for the release of fake materials.”
 
Some of Russia’s greatest disinformation successes (described in detail in documents available at the Churchill Archives Center) include:
 
• In 1923, the Disinformburo published revelatory articles about Grand Duke Kirill Vladimirovich in newspapers in Bavaria, where he was living, three years before he proclaimed himself emperor in exile. The exposés led many Russian monarchists and German sponsors to abandon him.
 
• In the 1950s, Soviet military intelligence invented reports that the U.S. was using biological weapons in Korea, supposedly dropping bombs filled with insects and rats infected with cholera and the plague.
 
• In the 1960s, military spies spread false rumors about ties between the American intelligence community and the murder of President John F. Kennedy. Soviet agencies financed the work of Mark Lane, who popularized his conspiracy theories in several books. Moscow also fabricated documents and letters linking Lee Harvey Oswald to the CIA and FBI.
 
• Between 1972 and 1973, Soviet intelligence financed roughly 5,000 articles in Indian newspapers in support of then Prime Minister Indira Gandhi.
 
• In 1983, Soviet military intelligence spread rumors that Korean Air Lines Flight 007, shot down by the USSR on September 1, was a spy plane sent by the CIA.
 
• In the late 1980s, Soviet spies circulated false information that the AIDS epidemic was due to experiments at a secret military biological laboratory in the United States. Soviet military intelligence passed fabricated documents to a CIA officer, who later wrote about them in books.
 
• In the late 1980s, Soviet military intelligence promoted conspiracy theories that the 1978 Jonestown deaths were part of a CIA operation.
 
Leonid Shebarshin, one of the top officials in the Soviet intelligence community, said in 2003 that spies are able to find reporters at any newspaper who are willing to publish a needed story for the right price or amount of booze. In 2012, Shebarshin was found dead in his home, after he apparently shot himself. Twenty-one years earlier, the GRU’s supervisor for disinformation in the United States, Dmitry Lisovolik, died when he fell from the window of his apartment.
 
Since the fall of the USSR, the agencies and organisations involved in Russian military intelligence have apparently not abandoned the use of disinformation. 
 
Since 2016, American officials have accused Moscow of running a so-called “troll factory” in St. Petersburg to interfere in US elections by fielding “discourse saboteurs” who operate under phony identities to promote Donald Trump and oppose Hillary Clinton. In 2016, the group allegedly organised political events in the US, and spread viral and promoted content on social networks. 
 
Are the Hackers from the GRU, too?
The GRU is part of the Defense Ministry, and Meduza has written repeatedly about Moscow’s ongoing efforts to build up its cyber-forces, the so-called “research companies”. In 2014, the Russian Defense Ministry created its “information-operation troops” for action in “cyber-confrontations with potential adversaries.” 
 
Later, sources in the Defense Ministry explained that these new troops were meant to “disrupt the potential adversary’s information networks.” Recruiters reportedly went looking for “hackers who have had problems with the law.” According to an instructor at a Defense Ministry center that trains the new cyber-forces, students prepare for future conflicts by “developing cyber-attack algorithms.” In recent years, cyber-attacks on government agencies in multiple countries (Estonia, Georgia, Ukraine, Turkey, and the US) have coincided with escalations in tensions between Moscow and these states.
Additionally, many Russian hackers work at research institutes affiliated with the GRU.
 
Who’s in charge of the GRU?
The director of Russia’s military intelligence is appointed by the president, who controls and coordinates the activities of the entire intelligence community. In 2016, Putin appointed Igor Korobov to serve as the director of the Military Intelligence Directorate. It is not known who is likely to replace him following his recent death.
 
A career intelligence officer who started out in the 1980s, Korobov graduated from the “Conservatory” and went on to oversee Russia’s strategic intelligence gathering, including the management of all foreign stations. 
 
American officials added Korobov to their sanctions list in December 2016 for his “efforts to undermine democracy” by organising hacker attacks. Nevertheless, Korobov and the directors of Russia’s Federal Security Service (FSB) and Foreign Intelligence Service (SVR) made an unprecedented trip to Washington in February 2018 to meet with members of the US intelligence community to discuss the war against terrorism.
 
Meduza
 