ArchiveCyberOODA Original

Who’s Who in Russian Cyber Espionage Operations

The following overview of Russian espionage operations was extracted from the excellent Report on Russian Security Issues, released by the country of Estonia.

As a discipline, cyber espionage in Russia is quite old. The KGB had top-level technical capabilities for spying on the West. Signals intelligence of the time encompassed much of what we today would call “cyber”.

After the dissolution of the Soviet Union, KGB signals intelligence functions were divided between three Russian special services: the federal security service FSB, the foreign intelligence service SVR and the federal defence service FSO. In addition, the Russian military intelligence service GRU has considerable powers to carry out cyber and signals intelligence.

Below, we provide an overview of the role of the four services in Russian cyber intelligence:


The Federal Security Service of the Russian Federation (FSB) can be considered the most direct descendant of the KGB. The FSB does not deal only with counterintelligence; it also carries out surveillance and oversight of the Russian information space. In the cyber domain, the FSB has a number of capabilities, and besides domestic cyber activities, it can carry out operations
abroad in coordination with Russian foreign intelligence. The FSB’s function is to ensure information security in Russia, for which purpose the FSB is given the authority to conduct wiretaps and keep an eye on e-mail and data traffic within the country.

To do this, an extensive system of monitoring and filtering
information called SORM is used, which all communication service providers in Russia must join. The system is continually updated, but the service providers must cover the related expenses. Active cooperation takes place with the Russian mass communication supervision authority Roskomnadzor and the Russian Federation’s Ministry of the Interior cyber crime fighting unit Directorate K.


The Federal Protective Service of the Russian Federation (FSO) inherited several key functions and obligations in the cyber field e.g. ensuring data security for GAS Vybory election system from the KGB. The objective of the FSO is to ensure encrypted communication connections, e.g. between the Kremlin and Russian military district staffs, and it thus maintains close control over strategic state information. Spetssvyaz, which earlier was under FAPSI (Federal Agency of Government Communications and Information) and briefly under FSB, has operated in the FSO jurisdiction since 2004 and likely plays the biggest role in developing the service’s cyber competence. Spetssvyaz includes
sub-branches that deal with organizing government communications and the aforementioned secure military communications in Russia.

The FSO is also tasked with ensuring security of data transmitted in the state information exchange channels and the security of technical solutions used for this purpose.


Although the work of the Foreign Intelligence Service of the Russian Federation (SVR) – is based mainly on human intelligence and its cyber capability and activity are not comparable to the FSB or GRU, the SVR does have cooperation formats in the field of cyber and signals intelligence with other Russian special services. The SVR’s focus lies above all on collecting strategic intelligence (an adversary’s capabilities, developments, plans and intentions).


The General Staff of the Armed Forces of the Russian Federation’s Main Intelligence Directorate (GRU) is the only intelligence service in this list that is not a direct descendant of the KGB. It employs nearly all intelligence disciplines in its activities, including cyber and signals intelligence.

The Sixth Directorate, which can be considered the coordinator of GRU’s signals intelligence, carries out its functions through various units located on Russian territory and the Russian Federation’s foreign representations around the world. From active implementation of signals intelligence and electronic intelligence disciplines (ELINT) to development of cryptographic skills and solutions, the GRU likely possesses the finest technological and operational capabilities among Russia’s special services.

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.