Zeroday Technologies LLC, 0Дт, OOO ЗИРОУДЭЙ ТЕХНОЛОДЖИС, is a technology company that "specializes in the development of automation
and information protection tools." A hack of the company in 2019 revealed contracts with FSB Center 12 and 18. Details in .n0debreak.com/2023/04/01/mee… The company was founded in December 2011 by CEO Ruslan Radzhabovich Gilyazov, a member of the Informaiton Security Faculty at Moscow
State University, and is located in the Yasenevo Municipal District of Moscow.

JSC InfoTeks is a leader in the Russian information security market. The company was formed in 1991, its founder and General Director, Andrey Anatolievich Chapchaev, attended the Higher School of the KGB and worked in the research division of the KGB between 1982-1991. InfoTeks has been sanctioned by the Council of the European Union for its work in creating systems and tools for Russian Security Services. In addition, the company has also been indicted by the US for enabling the malicious activity of Russian Cyber actors.

According to a CISA advisory, actors associated with FSUE TsNIIKhM are responsible for developing
destructive ICS malware. TsNIIKhM has also been sanctioned by the US Department of Treasury for
connections to the Triton Malware. In 2021 the US indicted an employee of the institute, Evgeny Gladkikh, for installing TRITON malware on a safety system of global energy facilities and using techniques designed to enable future damage with potentially catastrophic effects on a Shneider Electric safety system.

ZAO PASIT, Программно-аппаратные средства и технологии (Software, Hardware and Technologies) is a Russian tech company indicted by the US Department of Treasury. The company has a very rudimentary website which can be found at . Pasit.ru
An EO was issued by the US DOT on 15 April 2021 which included targeted sanctions against Russian tech companies, including PASIT, that had given support to Russian Intelligence Services #RIS efforts to carry out malicious cyber activities against the US.

St Petersburg based JSC Centrinform has a long history of involvement with the #FSB, of note, activity
connected to the TURLA malware campaign. The company, which has seventeen branches, was previously a subsidiary of FSUE, STC Atlas, also known as Atlas of the FSB. Between 2005 and 2007 the company was called FSUE Atlas of the Federal State Security Service and, according to Government documentation, under the supervision of the FSB.

Here is our latest thread highlighting the links between Russian Intelligence Services (#RIS) and Russian tech companies. Today we provide some details about Research and Production Center "DELTA" and its link to the #SVR.🧵
1/10 According to freely available Federal Tax Service information the company was founded on 17 July 2003 by the Foreign Intelligence Service of the Russian Federation, better known as the SVR.
2/10

Here is an updated chart following further research into the attempts by Ilya Medvedovsky to obscure his attempts to avoid sanctions imposed by the US DOT on his companies Digital Security (DSEC), ERPScan and Embedi that we first highlighted in
🧵1/9

https://twitter.com/cyber_watchers/status/1694670973960941739

As you can see, we have a new individual that has links to the subject companies. Dmitriy Chastuhin is a security analyst specializing in SAP, who has appeared as a speaker at multiple conferences when Director of Business Application Pen testing at ERPScan. 2/9

In 2018 Digital Security (DSEC), a Russian tech company, was hit with sanctions by the US DOT.
Through online research we believe we have identified a network created by its leadership Ilya
Medvedovsky, Dmitriy Evdokimov and Yevgeniya Klimina to apparently evade these sanctions. Sanctions were imposded on DSEC because of work conducted on a project that would increase Russia's
offensive cyber capabilities for the Russian intelligence services, including the FSB. ERPScan and Embedi, subsidiaries of DSEC were also sanctioned.

Positive Technologies (Pozitiv Teknolodzhiz) was about to become a public company when it was hit with sanctions by the US Department of Treasury. The proposed sale would have resulted in owner Yury Maksimov becoming a billionaire. The sanctions, imposed in April 2021, were against six Russian Technology companies accused of supporting the efforts of the Russian Intelligence Services to carry out malicious cyber activities against the US, most notably the SolarWinds attack (attributed to #APT29 #CozyBear).

It would appear that, despite some of the headlines in the press following the hack by
Cyber Resistance, Sergey Morgachev wasn't as important as we had first thought.
informnapalm.org/en/hacked-russ…

https://twitter.com/cyber_watchers/status/1646847570726080514

From what we have heard he was head of his Department with some extra responsibilities supporting the Head of his section within the 85th GTsSS. Not the Deputy Head of the entire unit, as Cyber Resistance had stated.

Morenets is a senior official in the #85thGTsSS that is supposed to be a sophisticated state cyber hacking enterprise that should be operating with a high level of plausible deniability. It seems they are incapable of keeping their standards high enough to avoid detection/attribution based on the numerous instances of cyber activity which have recently been attributed to the #GRU.

Continuing our thread on Aleksey Morenets....

https://twitter.com/cyber_watchers/status/1653763061189148677

Despite the mistakes made it may surprise you that Morenets still has a job in the #85thGTsSS, also known as #APT28 or Fancy Bear. It is our understanding that he is in charge of a Directorate involved in Cyber espionage.

We would like to introduce you to Aleksey Sergeyevich Morenets, a #GRU officer indicted by the US along with 6 others in October 2018. He may look familiar to you? Here he is in our tweet of congratulations to Yevgeny Serebryakov, on GRU day, for his part in the failed attempted hack of the OPCW HQ in The Hague.

https://twitter.com/cyber_watchers/status/1588786233525739520

We thought it was time to return to highlighting some of the tech companies with ties to the Russian intelligence services. Today we introduce you to Special Technological Centre Ltd. #STC #СТЦ In late 2016 STC was sanctioned by the U.S. in the amendment to Executive Order 13964 issued by President Obama.

We tweeted in July about the development of a variant to the malware project Drovorub-A1 by Russian tech company AST (АСТ).

https://twitter.com/cyber_watchers/status/1547561370899558400?s=20&t=wsxe2Z21g7Pw9Cr0MMnTAg

Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux.
#APT28 #GRU #FANCYBEAR

We have become aware of a large #ICS/#SCADA malware project apparently conducted under a state contract on behalf of the Russian General Staff Main Intelligence Directorate (#GRU), Main Centre for Special Technologies (#GTsST), military unit 74455. This military unit also known as #Sandworm is located at the GRU Ulitsa Kirova facility in the Khimki suburb of Moscow. In the past Sandworm has targeted ICS/SCADA, one of the most renowned being the #INDUSTROYER2 hacking attempt of a Ukrainian electrical substation in April 22.

If the Russian Intelligence Services work with other companies, which ones? According to the US, one company working with the FSB, GRU and SVR is Advanced System Technologies (AST). According to the US Treasury press release of April 15 21 (home.treasury.gov/news/press-rel…) AST is a "Russian IT security firm whose clients include Russian Ministry of Defense, SVR and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU and SVR."