Russia’s Cyber Power Base: From Cybercriminals to Private Contractors

July 2024

Speaker: Justin Sherman (Global Cyber Strategies)

Date: 7 August 2024

Speaker Session Summary

Justin Sherman spoke to the SMA audience about Russia’s cyber power base—not just the state and intelligence actors, but also the private contractors and private sector companies that play an important role in Russia’s cyber power. To begin, Mr. Sherman emphasized that there is no singular Russian cyber strategy; rather there is a collection of insights derived from various Russian government documents during President Putin’s tenure. These state documents rarely employ the term “cyber,” except when referring to Western strategies. Instead, these documents emphasize “information security,” a concept that includes not only hacking and cyber security but also the broader spectrum of information consumed by the public, such as news. Over time, there has been an increasing focus on information and instability, with the internet being portrayed as a Western weapon aimed at Russia. 

The Russian approach to information operations is categorized into two primary bins: information technical and information psychological. The Kremlin leverages a variety of actors for their capabilities and talent, including patriotic hackers from Russia’s criminal hacking community. These hackers often carry out attacks motivated by patriotism, providing legal cover for the Kremlin. The three primary Russian government actors involved in cyber operations are the Military Intelligence Agency (GRU), the Federal Security Service (FSB), and the Foreign Intelligence Service (SVR). Mr. Sherman underscored the absence of a clear cyber command or overarching strategy within Russia; instead, these agencies operate in cyberspace much as they do in the physical world. 

One of Russia’s largest cybersecurity companies, Positive Technologies, hosts Positive Hack Day, the largest hacking convention in the country, which serves as a recruitment ground for the Kremlin. Mr. Sherman concluded his presentation with case studies demonstrating the connections between Russian organizations and open-source software, using Open-Source Intelligence (OSINT) data. For instance, he discussed how the extensive use of open-source code by the US military creates potential vulnerabilities due to contributions from Russian coders. Interestingly, some Russian coding companies under US sanctions receive contributions from non-Russian sources. Additionally, the Russian domestic technology sector is experiencing mixed outcomes, with some successes, such as its replacement for Microsoft, and challenges, such as accessing microchips. 

Speaker Session Recording

A recording is only available to US government employees via Intelink video. Please email mariah.c.yager.ctr@mail.mil for assistance and additional information.

Briefing Materials

Biography: Justin Sherman is the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm that works with nonprofits, startups, Fortune 1000 companies, law firms, investors, and the US government. He is also a nonresident senior fellow at the Atlantic Council, an adjunct professor at Duke University, and a contributing editor at Lawfare. He works with New York-based cybersecurity company Margin Research on open-source software security, malicious code, and Chinese and Russian cyber threat actors and operations. He has written and consulted extensively on Russia’s internet, information, technology, and cyber strategy, policy, and operations—and is sanctioned by the Russian Ministry of Foreign Affairs.

Related Publications by Justin Sherman:

OSINT and data-compilation analysis of Russian tech giant Yandex, its job postings, the geographic locations of its open-source code commits, and so forth, attempting to understand its efforts to splinter the business: https://margin.re/2023/03/analyzing-russian-internet-firm-yandex-its-open-source-code-and-its-global-contributors/

An earlier Atlantic Council report on “untangling” Russia’s cyber web, which analyzes the relationship between the Kremlin and patriotic hackers, cybercriminals, and others, along with some major myths and major unknowns: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/untangling-the-russian-web/
