CyberWatchers Profile picture
May 3 8 tweets 2 min read Twitter logo Read on Twitter
We would like to introduce you to Aleksey Sergeyevich Morenets, a #GRU officer indicted by the US along with 6 others in October 2018. Image
He may look familiar to you? Here he is in our tweet of congratulations to Yevgeny Serebryakov, on GRU day, for his part in the failed attempted hack of the OPCW HQ in The Hague.
Morenets and Serebryakov were part of the team intercepted by the Dutch authorities in April 2018. At the time Morenets was described in the press as a bungling hacker after it was discovered that he had travelled under his real name and date of birth.
This helped investigators discover he was living at the GRU military academy in Moscow and that his vehicle was registered to the nearby GRU cyber academy.
A search for other vehicles registered at the same address revealed the identities of 305 other members of military unit 26165 #85thGTsSS.
It was also discovered that he had a profile on the dating website mylove.ru, using a profile image taken in the vicinity of unit 26165 on Komsomolsky Prospekt.
We'll post more information on Morenets soon.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with CyberWatchers

CyberWatchers Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @cyber_watchers

May 4
Morenets is a senior official in the #85thGTsSS that is supposed to be a sophisticated state cyber hacking enterprise that should be operating with a high level of plausible deniability.
It seems they are incapable of keeping their standards high enough to avoid detection/attribution based on the numerous instances of cyber activity which have recently been attributed to the #GRU.
This would seem to be another role which Morenets is seemingly incapable of fulfilling successfully. In the last year alone the following cyber-attacks have been attributed to the GRU.
Read 6 tweets
May 4
Continuing our thread on Aleksey Morenets....
Despite the mistakes made it may surprise you that Morenets still has a job in the #85thGTsSS, also known as #APT28 or Fancy Bear. It is our understanding that he is in charge of a Directorate involved in Cyber espionage.
We have heard that his staff are not happy with his management. We know that in the lead up to the war with Ukraine staff had their working hours extended by Morenets while he remained on regular hours.
Read 4 tweets
Mar 15
We thought it was time to return to highlighting some of the tech companies with ties to the Russian intelligence services. Today we introduce you to Special Technological Centre Ltd. #STC #СТЦ
In late 2016 STC was sanctioned by the U.S. in the amendment to Executive Order 13964 issued by President Obama.
STC was named as one of three companies that provided material support to the #GRU interference of the Presidential election in 2016 and assisting them in conducting signals intelligence operations.
Read 8 tweets
Jan 17
We tweeted in July about the development of a variant to the malware project Drovorub-A1 by Russian tech company AST (АСТ).
Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux.
#APT28 #GRU #FANCYBEAR
US agencies warned of the threat posed in a 45-page security alert released in August 2020 and companies such as Schneider Electric offered mitigation to customers in advance of fixes to their operating systems.
media.defense.gov/2020/Aug/13/20…
Read 7 tweets
Oct 4, 2022
We have become aware of a large #ICS/#SCADA malware project apparently conducted under a state contract on behalf of the Russian General Staff Main Intelligence Directorate (#GRU), Main Centre for Special Technologies (#GTsST), military unit 74455.
This military unit also known as #Sandworm is located at the GRU Ulitsa Kirova facility in the Khimki suburb of Moscow. In the past Sandworm has targeted ICS/SCADA, one of the most renowned being the #INDUSTROYER2 hacking attempt of a Ukrainian electrical substation in April 22.
The ongoing project is to cost more than 100 million rubles across three phases and undertaken by several technical defense contractors.
Read 5 tweets
Jul 14, 2022
If the Russian Intelligence Services work with other companies, which ones? According to the US, one company working with the FSB, GRU and SVR is Advanced System Technologies (AST).
According to the US Treasury press release of April 15 21 (home.treasury.gov/news/press-rel…) AST is a "Russian IT security firm whose clients include Russian Ministry of Defense, SVR and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU and SVR."
Some additional background information on the company is available on the TADVISER website, a Russian business knowledge base, including information on the largest 100 IT companies in Russia.
Read 14 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(