Foreign Affairs

These Are Russia’s Cyber-Warfare Units That Wreak Havoc

These Are Russia’s Cyber-Warfare Units That Wreak Havoc
  • Russian cyberwarfare capabilities unleashed during the invasion of Ukraine have been seen as a part of information warfare.
  • Multiple agencies, including the GRU, SVR and FSB maintain units capable of engaging in information operations.
  • Cyber operations have included distributed denial-of-service attacks and a hack that caused a blackout in 2015.
  • Multiple Russian cyberwarfare units have been indicted by the Department of Justice.

Beyond conventional weapons such as airplanes, bombs and firearms, Russian cyber-warfare units are utilized to wreak havoc against geopolitical foes.

While purportedly rogue hackers may draw much of the attention, Russian military strategists have long viewed cyberwarfare as part of information warfare. Cyberattacks were used prior to the invasion of the Ukraine that began in the early-morning hours of Thursday, DefenseNews.com reported. Russian web sites also were down in the initial stages of the invasion of Ukraine.

“The Russians generally do not use the terms cyber (kiber) or cyberwarfare (kibervoyna), except when referring to Western or other foreign writings on the topic,” a 2017 report by the Center for Naval Analysis (CAN) said. “Instead, like the Chinese, they tend to use the word informatization, thereby conceptualizing cyber operations within the broader rubric of information warfare (informatsionnaya voyna).”

Russian theorists view information warfare as a “holistic concept,” the think tank noted, adding that “computer network operations, electronic warfare, psychological operations, and information operations” are components of the information war. Past operations have ranged from a massive distributed denial of service attack against Estonia in 2007 to causing a blackout in Ukraine in 2015.

“Russia maintains numerous units that are overseen by various security and intelligence agencies,” a Congressional Research Service (CRS) report said.

The list includes units from the Main Directorate of the General Staff, the Russian military intelligence agency commonly known as the GRU, as well as the two agencies that formed after the KGB was dissolved after the fall of the Soviet Union in 1991, the Foreign Intelligence Service (known as SVR) and the Federal Security Service (FSB).

One GRU unit, known as Unit 74455, was indicted in October 2020 for a series of cyber attacks, including the NotPetya attack in 2017, according to the CRS report. Another GRU unit, known as either the Unit 54777 or the 72nd Special Service Center, specializes in psychological operations.

The SVR and FSB are allegedly tied to a number of private groups and cybercriminals. The SVR is linked to APT 29 and the Dukes, among other groups, the report said, adding that the FSB-affiliated hackers were known as Berserk Bear, Energetic Bear, Gamaredon, TeamSpy, Crouching Yeti and Koala.

The Internet Research Agency, a private entity allegedly controlled by Yevgeniy Prigozhin according to the Justice Department, has been involved in misinformation efforts, and is described as a “troll farm.”

The FSB’s 18th Center for Information Security and the Internet Research Agency were both indicted for their activities, according to the CRS report.

“This array of Russian hackers who work directly for the state and/or under the implicit protection of the state have likely embedded malware and backdoors in numerous Ukrainian energy, communications and weapons systems, making Ukraine vulnerable to a cyber first strike,” V.S. Subrahmanian, a Buffett Faculty Fellow at Northwestern University, said in a Feb. 3 release. “Without NATO assistance, the combination of Russian military might, cyber assets and social media influence campaigns will likely lead to quick wins for Russia, should a kinetic conflict with Ukraine erupt in coming weeks.”

Subrahmanian did say there were things that could be done to aid the Ukraine prior to an invasion, including helping Ukrainian forces set up their own cyberattacks on Russia. He also suggested that planting bots on Russian social media sites was also an option.

A spokesman for Northwestern told the Daily Caller News Foundation that Subrahmanian was not available for further comment.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact [email protected].