Investigation Uncovers 300+ Possible GRU Officers

Written by

Russia’s prolific military intelligence service the GRU appears to be on the back foot once again after an investigative news site revealed it managed to locate the identities of over 300 possible agents.

Bellingcat teamed up with Russian partner site The Insider to dig deeper after the British and Dutch authorities revealed the identities of four alleged GRU officers last week. They claimed the men had traveled to the offices of the Organisation for the Prohibition of Chemical Weapons (OPCW) in April to hack the organization via its Wi-Fi network.

Crucially, the four traveled under their real names using diplomatic passports, with subsequent searches revealing one of the men registered as living at Ulitsa Narodnogo Opolcheniya 50, an address in Moscow where the Military Academy of the Ministry of Defence is apparently located.

Further searches on the names revealed links to a Russian car ownership database where one of the four alleged GRU officers, Alexey Morenets, was registered as owner of a Lada.

This seemingly innocuous detail proved to be a significant discovery.

“The address to which the car was registered, Komsomolsky Prospekt 20, coincides with the address of military unit 26165, described by Dutch and US law enforcement as GRU’s cyber warfare department. The database entry contained Morenets’s passport number,” the report noted.

“By searching for other vehicles registered to the same address, Bellingcat was able to produce a list of 305 individuals who operated cars registered to the same address. The individuals range in age from 27 to 53 years of age.”

Even worse for the Kremlin, the database entries apparently contain full names, passport entries and mobile phone numbers, as well as the street address and military unit number: 26165.

This is the infamous unit which the hackers indicted by the US last week are alleged to be stationed with.

The report claimed that if the 305 individuals are indeed GRU officers, the discovery could be “one of the largest mass breaches of personal data of an intelligence service in recent history.”

It comes after a series of missteps by the Kremlin’s fearsome intelligence apparatus, including the unmasking of two GRU officers who attempted to assassinate a double agent in the English city of Salisbury earlier this year, and the indictment of many more by the US authorities for a series of major cyber-attacks.

What’s hot on Infosecurity Magazine?