About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (February 2, 2022)

handle is hein.crs/govegfn0001 and id is 1 raw text is: Informing sona! Researet, Service heled Ilive cI bat since 1914 Updated February 2, 2022 Russian Cyber Units Russia has deployed sophisticated cyber capabilities to conduct disinformation, propaganda, espionage, and destructive cyberattacks globally. To conduct these operations, Russia maintains numerous units that are overseen by various security and intelligence agencies. Russia's security agencies compete with each other and often conduct similar operations on the same targets, making specific attribution and motivation assessments difficult. The U.S. government has indicted and imposed sanctions on Russian security personnel and agents for various cyberattacks. Congress may be interested in Russian agencies, units, and their attributes to better understand why and how Russia conducts cyber operations. Early Russian Cyber Operaons According to media and government reports, Russia's initial cyber operations primarily consisted of Distributed Denial of Service (DDoS) attacks and often relied on the co-optation or recruitment of criminal and civilian hackers. In 2007, Estonia was the target of a large-scale cyberattack, which most observers blamed on Russia. Estonian targets ranged from online banking and media outlets to government websites and email services. Russia again employed DDoS attacks during its 2008 war with Georgia. Although Russia denied responsibility, Georgia was the victim of a large-scale cyberattack that corresponded with Russian military actions. Analysts identified 54 potential targets (e.g., government, financial, and media outlets), including the National Bank of Georgia, which suspended all electronic operations for 12 days. Russian Security and intelligence Agencies Over the past 20 years, Russia has increased its personnel, capabilities, and capacity to undertake a wide range of cyber operations. No single Russian security or intelligence agency has sole responsibility for cyber operations. Observers note that this framework contributes to competition among the agencies for resources, personnel, and influence, and some analysts cite it as a possible reason for Russian cyber units conducting similar operations, without any apparent awareness of each other. Military Intelligence The Main Directorate of the General Staff, commonly referred to as the GRU, is Russia's military intelligence agency. The GRU has been implicated in some of Russia's most notorious and damaging cyber operations. Media reporting and U.S. government indictments identify two primary GRU cyber units. The U.S. Department of Justice (DOJ) has charged personnel from both units for actions ranging from election interference in the 2016 U.S. presidential election to multiple damaging cyberattacks. The units' public profile underlines a high operational tempo. The GRU reportedly also controls several research institutes that help develop hacking tools and malware. Observers have noted an apparent willingness by GRU cyber units to conduct brazen and aggressive operations, sometimes with questionable levels of operational security and secrecy. Cyber analysts have referred to these units collectively as APT (Advanced Persistent Threat) 28, Fancy Bear, Voodoo Bear, Sandworm, and Tsar Team. Unit 26165: Unit 26165 is one of two Russian cyber groups identified by the U.S. government as responsible for hacking the Democratic Congressional Campaign Committee, Democratic National Committee, and presidential campaign of Hillary Clinton. Media and Western governments also have linked Unit 26165 to cyber operations against numerous political, government, and private sector targets in the United States and Europe. Unit 74455: Unit 74455 has been linked to some of Russia's most brazen and damaging cyberattacks. The U.S. government identified Unit 74455 as responsible for the coordinated release of stolen emails and documents during the 2016 U.S. presidential election. As opposed to primarily focusing on penetrating systems and collecting information, Unit 74455 appears to have significant offensive cyber capabilities. In October 2020, DOJ indicted members of GRU Unit 74455 for numerous cyberattacks, including the 2017 NotPetya malware attack. In June 2017, malware was deployed against numerous targets in Ukraine. The malware soon spread globally, causing significant damage to countries and businesses beyond Ukraine. Unit 54777: This unit, also known as the 72 Special Service Center, reportedly is responsible for the GRU's psychological operations. This includes online disinformation and information operations. Foreign Intelligence Service The Foreign Intelligence Service (SVR) is Russia's primary civilian foreign intelligence service. It is responsible for the collection of foreign intelligence using human, signals, electronic, and cyber methods. Most observers acknowledge the SVR operates with a strong emphasis on maintaining secrecy and avoiding detection. Most cyber operations reportedly linked to the SVR have focused on collecting intelligence. The SVR also is known to have high levels of technical expertise, often seeking to gain and retain access inside compromised networks. Cyber analysts have referred to SVR hackers as APT 29, Cozy Bear, and the Dukes. Analysts and observers have recognized the SVR as highly capable and professional. In contrast to GRU cyber units, the SVR appears focused on collecting intelligence and remaining undetected once it gains access to targeted networks. The U.S. government identified the SVR as one

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most