Both ELINT and HUMINT findings for the missions by Russian intelligence reveal the Kremlin is vigorous, as at the height of the Cold War. The issues Russian intelligence agencies are into make for not just identifying the weak points for this country, but also specifying the most likely spots for Russian spies to infiltrate.
Most Russian spies that were smelled out snooped for information in energy sector, thus underscoring Russia’s dependence on oil and gas sector and its poor technology.
Energy sector
Foreign hackers have gained access to the U.S. Department of Energy and the National Nuclear Security Administration (NNSA), according to the sources familiar with the matter.
The attacks by malware infiltration particularly targeted the Federal Energy Regulatory Commission (FERC), the Sandia and Los Alamos National Laboratories in New Mexico and Washington, the NNSA Transportation Safety Administration, and the U.S. Department of Energy’s Richland office.
Our analysts and interviewed cybersecurity experts believe that Russian military intelligence unit at 74455 military unit is behind the attack.
The Kremlin seeks to be given a free hand to disrupt foreign electrical grids remotely by unconventional attack, intimidation or retaliation. As the FERC does not manage power flows directly, but stores sensitive data, it is not unreasonable to assume that Moscow is readying for cyberwar fare operations to stage sabotage and interfere with the Electrical power grid.
Russian intelligence is into cyber operations to set up a blackout in the target country as the Russians are looking for options to interfere with C2 communication systems at underwater fiber optic cables.
It means that Moscow is able to lay groundwork for tactical benefits by such attacks in case of local military conflict with the West. But the most likely scenario is when the energy sector is attacked by order of Russia’s President in response for the reports to Russia’s intelligence leaders that ‘the West is making attempts to bring down the regime in Russia’. They come up to Putin saying the effects by contest for influence and budgetary resources between the security ministries rise from subversion by the West. In turn, it adds to the conflict-prone policy by Russia and drives up the number of active missions by Russian intelligence.
The Police Security Service (PST) of Norway detained a Russian spy in August 2020, while meeting an intelligence officer under diplomatic cover. Russian intelligence was interested in 3D printing technologies for oil and gas sector.
The Norwegian Police Security Service (PST) noted in its report that Russia was making use of espionage to obtain information on Norway’s oil industry and the plans by its government to turn off or turn on the taps. Current and future permits by the Norwegian government for oil production are of interest, especially when it comes to the discovery of new fields, including oil and gas production in the Arctic and in the country’s north.
In October 2020 Turkey claimed it detained Russian spies, including the Bosphorus Gaz Corp. deputy director general Emele Oztürke and five other people. The suspect had an affair with an intelligence officer at the Russian embassy in Turkey. The Russian intelligence was curious about daily prices for natural gas imports to Turkey.
Denmark, in early December this year, accused a Russian citizen, chemist Alexei Nikiforov, 35, living in Denmark, of spying for Russian intelligence. He is suspected of feeding the Russian intelligence with information about Danish energy technologies.
Bulgaria ordered Russia’s Trade Mission officer out of the country in January 2020. The investigation believes he has been engaged in intelligence since October 2018. He came in contact with Bulgarian citizens who had access to energy sector data.
The Economy Ministry employee, and then the Energy Ministry employee was convicted in 2019 in Poland for spying for Russia. He was recruited by Russia’s military intelligence and provided input on the country’s energy security. He also highlighted state officials in Poland, who were the targets for Russian intelligence or candidates to recruit. Russia’s military intelligence is targeting to dig into the Polish ports and LNG terminals functioning, schedules of liquefied gas imports, potential capacity, and a system for making decisions on energy transactions.
Pharmaceuticals
Though the Kremlin ambitiously advertises Russia’s vaccine against COVID-19, Russian intelligence has been staging missions to get documentation for vaccines from foreign manufacturers for about a year. In early December, the American Pfizer and its German partner BioNTech announced a cyberattack against the European Medicines Agency (EMA), as a result of which the technical documentation for the COVID-19 vaccine was stolen.
The EMA that also examines and approves drugs and vaccines for the European Union earlier announced it had been hacked, the ins and outs not disclosed, and the special agencies are helping to investigate the case.
In summer 2020 Britain, the United States and Canada stated about the Russian group’s hacking attack on medical laboratories in Western countries and an attempt to steal the COVID-19 vaccine development. They blamed the hack on the Cozy Bear group, also known as APT29 and the Dukes, supervised by the FSB\SVR. The US NSA believes that Russian hackers then have been collecting data on vaccine development.
Technologies
The General Intelligence and Security Service of the Netherlands (AIVD) curbed the subversion by two Russian Foreign Intelligence officers, who claimed they were diplomats. They were into advanced technologies: artificial intelligence (AI), semiconductors and nanotechnology, both civil and military.
Scientific and technical intelligence falls more within the competence of Russia’s SVR today. It is obviously linked with the limited GRU’s capacity to assess and process such information, as well as to the specific features and thinking abilities by Russia’s military intelligence officers.
Defense information
In September 2020 Bulgaria ordered two Russian intelligence officers under diplomatic cover in Sofia out of the country. They have been gathering classified data on the plans to modernize the Bulgarian army and military hardware. Russian intelligence was interested in ad hoc data on new F16 fighters, as well as on plans to acquire combat drones.
These diplomats were Deputy Trade representative Sergey Nikolashin and Deputy Trade representative Vadim Bykov. There were reasonable grounds to believe they might be related to the increasingly frequent strange situations at the Bulgarian military plants (common explosions in military factories).
Bulgaria expelled another Russia’s military intelligence officer, Vasily Sazanovich, on December 18, 2020, who has been gathering intelligence since 2017. He collected top secret data, including those on the number of American troops in Bulgaria for joint exercises by the two countries.
According to a source in the Turkish Foreign Ministry, the NTV correspondents Alexei Petrushko and Ivan Malyshkin (GRU agents) did not have accreditation and filmed without permission in the beginning of December, 2020 in the area where the manufacturer of combat drones Baykar Savunma is located.
In November this year a former Army Green Beret Peter Debbins was charged with espionage activity on behalf of Russia. He had a 15-year relationship with Russian intelligence, according to the indictment issued. He was recruited by Russian intel in late 1996 when he was still an ROTC undergrad at the University of Minnesota and on a visit to Russia for an independent study program. He joined the Army as an active duty officer in 1998 and served through 2005, the last two years as a Special Forces officer. The indictment alleges he provided information and names of his fellow Special Forces members while he was on assignment in Azerbaijan and Georgia.
Staged pressure
Bulgaria expelled two Russian diplomats in January 2020. One of them has been digging into the election patterns in the country since 2017. This information targeted to stage pressure in this country, interfering in Bulgaria’s internal affairs, also by promoting Russophile political projects there. We believe this information could have been used by Russia to interfere into the clamor targeting to bring Vazrazhdane party behind the rallies into the parliament.
Russia’s HUMINT involvement pattern
OSINT analysis indicates that Russia’s intelligence used money to motivate for work in Europe and the United States in almost all cases of espionage in favor of Russia. On the one hand, it speaks for Moscow’s financial capacity. But on the other hand, these findings mean that Russia’s intelligence cannot attract foreigners to have ties on ideological basis. Such work with the active core is less stable and more sensitive, requiring large money supplies transfer, being costly for Russia therefore.
The findings also indicate that recruitment proposals prevail in Russia when foreign experts, Russian intelligence is targeting, make visits and trips there. A lot of Russian spies were recruited at Russian language courses managed by Russian agencies.
Russian intelligence is making good use of visa simplifications introduced in 2019 to recruit foreigners, field work starting with inspection of the forms. Russia’s special agencies pay extra attention to former and active political actors, businessmen, law enforcement officers, military personnel and journalists traveling to Russia. So, most of the European citizens have been recruited within Russia’s territory in past years.
Author
-
Robert Lansing Institute Director General, former DRM imagery analyst, Paris-based analyst in intelligence
View all posts