What Is The GRU & Who Does It Hack?

Both at home and abroad, the Russian abbreviation of the year has been “GRU”, the erstwhile but still commonly used initialism for the country’s Military Intelligence Directorate. 
 
The agency’s staff now stand accused of Hacking the Democratic National Committee computer network and trying to influence the 2016 US presidential election; hacking various anti-doping agencies and the International Court of Arbitration; and trying to hack the Organisation for the Prohibition of Chemical Weapons in the Netherlands. 
 
Additionally, in what has led to a new wave of Western sanctions against Russia, GRU agents are also accused of poisoning Sergey Skripal, a former GRU colonel who spied for the British, in Salisbury, England. 
 
“Alexander Petrov” and “Ruslan Boshirov”, the two individuals identified by London police who came to Salisbury to try to kill Skripal, are apparently cover names for the GRU agents Alexander Mishkin and Anatoly Chepiga. 
 
 Igor Korobov (pictured) was appointed by Vladimir Putin to serve as the director of the Military Intelligence Directorate and  has been reported as dying of natural causes on 21st November, aged 62. 
 
What is the GRU? What do the initials stand for?
Subordinate to the Defense Ministry, the GRU is Russia’s Main Intelligence Directorate, and technically speaking it doesn’t exist. In 2010, following major reforms to the army, Russia’s military intelligence agency was renamed “the Main Office of the General Staff of the Defense Ministry.” 
 
This change, however, hasn’t stopped anyone from referring to the organisation or its members as “the GRU”, an initialism that’s now used constantly by journalists and in official documents, including indictments by the US government and announcements by the Dutch authorities.
 
What’s the difference between the GRU and Russia’s Foreign Intelligence Service (SVR)?
What separates the GRU and SVR seems to be perceptible only to those inside the two agencies. In 2006, one SVR Lieutenant General explained that the SVR collects “political” intelligence, while the GRU collects “military” intelligence. The structure and activities of both agencies are classified as state secrets.
 
The defector Sergey Tretyakov revealed more than anyone about the SVR’s methods and training in a collection of interviews, published in 2008 as a book titled “Comrade J.: The Untold Secrets of Russia's Master Spy in America After the End of the Cold War,” written by journalist Pete Earley. 
 
The grandson and son of KGB officers, Tretyakov spent his youth reading Ian Fleming novels and dreaming of becoming a spy. In the early 1980s, KGB recruiters invited him to participate in a student-exchange program to France, where he would collect intelligence about the newly elected president, François Mitterrand. When Tretyakov returned, he was sent to the “Forest School” not far from Medvedkovo in northeast Moscow, like other young intelligence workers.
 
In New York, Russian intelligence agents worked in the Manhattan building that housed Russia’s Permanent Mission to the UN. Ordinary diplomats used the lower five floors, while intelligence workers and cryptographers occupied the upper stories, the so-called “submarine” floors. The walls in this building were fitted with vibrating pipes that emitted white noise, and there was a total absence of telephones and Internet-connected computers. 
 
How does the GRU choose and train its staff? What is the “Conservatory”?
GRU officers train at the Defense Ministry’s Military Academy, at 50 Narodnoe Opolchenie Street in Moscow, not far from the region where you’ll find the GRU’s headquarters and the research institutes affiliated with Russia’s military intelligence. The academy is better known as “the Conservatory.”
 
Military intelligence agents, including cybersecurity specialists, also train at the Cherepovets Higher Military School of Radio Electronics. Another training grounds for GRU agents is the Alexander Mozhaysky Military Space Academy, where Alexey Morenets, the GRU agent recently accused of carrying out hacker attacks in the Netherlands, was a student. Academy instructors usually choose their new students by sending out recruiters to military units across the country, reviewing the records of young officers. They interview potential recruits at their homes and then invite the most promising candidates to Moscow for testing.
 
One test might ask them to repeat a phrase in an unfamiliar language, while another could show them dozens of mug shots and then ask candidates to recite each person’s name. There are also interviews with a review board, which might ask candidates about their favorite alcoholic beverages, their reasons for wanting to join Russia’s military intelligence, and even their attitudes about women.
 
Training lasts three years. The first year of instruction puts special emphasis on foreign languages, operating special-purpose machinery, area studies, encryption, decryption, and covert intelligence work. There are even classes in how to invent your own “legend” (backstory) and how to evade surveillance.
 
One of the most important assignments at the Conservatory is penetrating a high-security facility: the future spy must gain admittance legally, for example, by befriending someone who in turn gets him an entry permit. The website for the Main Office of the Russian Defense Ministry’s General Staff says broadly that its officers provide the country’s leadership with information meant to create conditions that are “conducive to the successful realisation of Russian state policy on defense and national security,” while also contributing to the state’s development. This language is lifted directly from Russia’s federal law on foreign intelligence gathering.
 
According to the law, Russian intelligence agencies can work confidentially with their informants, and take measures to “conceal their personnel.” Agencies are permitted to use both public and covert methods, but not in relation to Russian citizens, not on Russian territory, and not in cases where people are harmed.
 
The GRU does most of its intelligence gathering through “illegals”, deep-cover agents, who live in foreign states under false names. Additionally, separate identities can be created for agents who travel abroad to carry out special missions, which appears to be what happened with Chepiga and Mishkin.
 
Sometimes, undercover agents’ assignments can last decades. One GRU veteran recalled how his academy classmate was given a backstory and send to live in an Arab country for the next 24 years. He bought a kiosk in a market and opened a shoe-repair business, where he met with agents. There were often reports and dispatches hidden in the heels of the shoes brought to him.
 
Is the GRU responsible for Information War?
Disinformation has been one of the Military Intelligence Directorate’s main objectives since it was founded. From the beginning, KGB foreign intelligence (Department “A”) and the GRU have been responsible for Moscow’s “active measures.” 
The Disinformation Department grew out of the “Disinformburo,” which first appeared in 1923 with the objectives of creating false information and phony documents about domestic affairs in Russia, and “preparing the ground for the release of fake materials.”
 
Some of Russia’s greatest disinformation successes (described in detail in documents available at the Churchill Archives Center) include:
 
• In 1923, the Disinformburo published revelatory articles about Grand Duke Kirill Vladimirovich in newspapers in Bavaria, where he was living, three years before he proclaimed himself emperor in exile. The exposés led many Russian monarchists and German sponsors to abandon him.
 
• In the 1950s, Soviet military intelligence invented reports that the U.S. was using biological weapons in Korea, supposedly dropping bombs filled with insects and rats infected with cholera and the plague.
 
• In the 1960s, military spies spread false rumors about ties between the American intelligence community and the murder of President John F. Kennedy. Soviet agencies financed the work of Mark Lane, who popularized his conspiracy theories in several books. Moscow also fabricated documents and letters linking Lee Harvey Oswald to the CIA and FBI.
 
• Between 1972 and 1973, Soviet intelligence financed roughly 5,000 articles in Indian newspapers in support of then Prime Minister Indira Gandhi.
 
• In 1983, Soviet military intelligence spread rumors that Korean Air Lines Flight 007, shot down by the USSR on September 1, was a spy plane sent by the CIA.
 
• In the late 1980s, Soviet spies circulated false information that the AIDS epidemic was due to experiments at a secret military biological laboratory in the United States. Soviet military intelligence passed fabricated documents to a CIA officer, who later wrote about them in books.
 
• In the late 1980s, Soviet military intelligence promoted conspiracy theories that the 1978 Jonestown deaths were part of a CIA operation.
 
Leonid Shebarshin, one of the top officials in the Soviet intelligence community, said in 2003 that spies are able to find reporters at any newspaper who are willing to publish a needed story for the right price or amount of booze. In 2012, Shebarshin was found dead in his home, after he apparently shot himself. Twenty-one years earlier, the GRU’s supervisor for disinformation in the United States, Dmitry Lisovolik, died when he fell from the window of his apartment.
 
Since the fall of the USSR, the agencies and organisations involved in Russian military intelligence have apparently not abandoned the use of disinformation. 
 
Since 2016, American officials have accused Moscow of running a so-called “troll factory” in St. Petersburg to interfere in US elections by fielding “discourse saboteurs” who operate under phony identities to promote Donald Trump and oppose Hillary Clinton. In 2016, the group allegedly organised political events in the US, and spread viral and promoted content on social networks. 
 
Are the Hackers from the GRU, too?
The GRU is part of the Defense Ministry, and Meduza has written repeatedly about Moscow’s ongoing efforts to build up its cyber-forces, the so-called “research companies”. In 2014, the Russian Defense Ministry created its “information-operation troops” for action in “cyber-confrontations with potential adversaries.” 
 
Later, sources in the Defense Ministry explained that these new troops were meant to “disrupt the potential adversary’s information networks.” Recruiters reportedly went looking for “hackers who have had problems with the law.” According to an instructor at a Defense Ministry center that trains the new cyber-forces, students prepare for future conflicts by “developing cyber-attack algorithms.” In recent years, cyber-attacks on government agencies in multiple countries, Estonia, Georgia, Ukraine, Turkey, and the US, have coincided with escalations in tensions between Moscow and these states.
Additionally, many Russian hackers work at research institutes affiliated with the GRU.
 
Who’s in charge of the GRU?
The director of Russia’s military intelligence is appointed by the president, who controls and coordinates the activities of the entire intelligence community. In 2016, Putin appointed Igor Korobov to serve as the director of the Military Intelligence Directorate. It is not known who is likely to replace him following his recent death.
 
A career intelligence officer who started out in the 1980s, Korobov graduated from the “Conservatory” and went on to oversee Russia’s strategic intelligence gathering, including the management of all foreign stations. 
 
American officials added Korobov to their sanctions list in December 2016 for his “efforts to undermine democracy” by organising Hacker attacks. Nevertheless, Korobov and the directors of Russia’s Federal Security Service (FSB) and Foreign Intelligence Service (SVR) made an unprecedented trip to Washington in February 2018 to meet with members of the US intelligence community to discuss the war against terrorism.
 
Meduza
 
You Might Also Read: 
 
Russia Stands Accused Of Global Hacking Campaign:
 
Cyberattack Revelations Appear To Undercut Russia's UN Efforts:
 
An Intelligence Crisis In Moscow:
 
 
 
 
« The Search To Find Cyber Security Experts Of The Future
AI Is Revolutionising Digital Marketing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

Experian

Experian

Experian provide software solutions to help organizations prevent identity fraud and crime.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Nuance Communications

Nuance Communications

From revolutionizing the doctor-patient relationship to reinventing the way brands connect with their customers, Nuance technology helps organizations push the boundaries of what’s possible.