We would like to introduce you to Aleksey Sergeyevich Morenets, a #GRU officer indicted by the US along with 6 others in October 2018.
He may look familiar to you? Here he is in our tweet of congratulations to Yevgeny Serebryakov, on GRU day, for his part in the failed attempted hack of the OPCW HQ in The Hague.
Morenets and Serebryakov were part of the team intercepted by the Dutch authorities in April 2018. At the time Morenets was described in the press as a bungling hacker after it was discovered that he had travelled under his real name and date of birth.
This helped investigators discover he was living at the GRU military academy in Moscow and that his vehicle was registered to the nearby GRU cyber academy.
A search for other vehicles registered at the same address revealed the identities of 305 other members of military unit 26165 #85thGTsSS.
It was also discovered that he had a profile on the dating website mylove.ru, using a profile image taken in the vicinity of unit 26165 on Komsomolsky Prospekt.
Morenets is a senior official in the #85thGTsSS, which is supposed to be a sophisticated state cyber hacking enterprise that should be operating with a high level of plausible deniability.
It seems they are incapable of keeping their standards high enough to avoid detection/attribution based on the numerous instances of cyber activity which have recently been attributed to the #GRU.
This would seem to be another role which Morenets is seemingly incapable of fulfilling successfully. In the last year alone the following cyber-attacks have been attributed to the GRU.
Despite the mistakes made it may surprise you that Morenets still has a job in the #85thGTsSS, also known as #APT28 or Fancy Bear. It is our understanding that he is in charge of a Directorate involved in Cyber espionage.
We have heard that his staff are not happy with his management. We know that in the lead up to the war with Ukraine staff had their working hours extended by Morenets while he remained on regular hours.
We thought it was time to return to highlighting some of the tech companies with ties to the Russian intelligence services. Today we introduce you to Special Technological Centre Ltd. #STC #СТЦ
In late 2016 STC was sanctioned by the U.S. in the amendment to Executive Order 13964 issued by President Obama.
STC was named as one of three companies that provided material support to the #GRU interference in the Presidential election in 2016 and assisted them in conducting signals intelligence operations.
Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux. #APT28 #GRU #FANCYBEAR
US agencies warned of the threat posed in a 45-page security alert released in August 2020 and companies such as Schneider Electric offered mitigation to customers in advance of fixes to their operating systems. media.defense.gov/2020/Aug/13/20…
We have become aware of a large #ICS/#SCADA malware project apparently conducted under a state contract on behalf of the Russian General Staff Main Intelligence Directorate (#GRU), Main Centre for Special Technologies (#GTsST), military unit 74455.
This military unit, also known as #Sandworm, is located at the GRU Ulitsa Kirova facility in the Khimki suburb of Moscow. In the past Sandworm has targeted ICS/SCADA, one of the most renowned instances being the #INDUSTROYER2 hacking attempt on a Ukrainian electrical substation in April 22.
The ongoing project is to cost more than 100 million rubles across three phases and is being undertaken by several technical defense contractors.
If the Russian Intelligence Services work with other companies, which ones? According to the US, one company working with the FSB, GRU and SVR is Advanced System Technologies (AST).
According to the US Treasury press release of April 15 21 (home.treasury.gov/news/press-rel…) AST is a "Russian IT security firm whose clients include Russian Ministry of Defense, SVR and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU and SVR."
Some additional background information on the company is available on the TADVISER website, a Russian business knowledge base, including information on the largest 100 IT companies in Russia.