GRU Unit 29155
Unit 29155 is a Russian military intelligence (GRU) unit associated with foreign assassinations and other activities apparently aimed at destabilizing European countries.[1] The unit is thought to have operated in secret since at least 2008, though its existence only became publicly known in 2019.[1][2]
Organization and method
[edit]The Unit is commanded by Maj. Gen. Andrei Vladimirovich Averyanov and based at the headquarters of the 161st Special Purpose Specialist Training Center in eastern Moscow.[1][2] Its membership has included veterans from Russian wars in Afghanistan, Chechnya, and Ukraine, identified as Denis Sergeev (aka Sergei Fedotov), Alexander Mishkin (aka Alexander Petrov), Anatoliy Chepiga (aka Ruslan Boshirov, a Hero of the Russian Federation, Russia's highest honor), Sergey Lyutenkov (aka Sergey Pavlov), Eduard Shishmakov (aka Eduard Shirokov), Vladimir Moiseev (aka Vladimir Popov), Ivan Terentyev (aka Ivan Lebedev), Nikolay Ezhov (aka Nikolay Kononikhin), Alexey Kalinin (aka Alexei Nikitin), and Danil Kapralov (aka Danil Stepanov).[1][3][4]
Le Monde reported in December 2019, citing French intelligence contacts, that 15 agents connected with Unit 29155 visited the Haute-Savoie region of the French Alps between 2014 and 2018 including Alexander Petrov and Ruslan Boshirov who are believed to be responsible for the Skripal poisoning.[5][6] High-ranking GRU officer Denis Vyacheslavovich Sergeev (alias Sergei Fedotov) has been identified by British authorities as the commander of the team that poisoned Sergei Skripal,[7][2] a former Russian military officer and double agent for the British intelligence agencies, and his daughter Yulia Skripal. Anatoliy Chepiga, one of the suspected Skripal attackers, was photographed at Averyanov's daughter's wedding in 2017.[8]
The unit's operations were described as sloppy by security officials since none of the operations to which it has been linked were successful.[9][1] Several actions had to be broken off without success, such as the attempted coup in Montenegro in 2016, which was staged before the country joined NATO. In several cases, enough evidence was left behind to enable the perpetrators to be identified. Security experts[who?] wondered whether this method was chosen to signal that all opponents of the Russian regime were possible targets, no matter their location. Eerik-Niiles Kross, a former intelligence chief in Estonia, says this type of intelligence operation has become part of psychological warfare.[1]
In August 2024, the Federal Bureau of Investigation (FBI) posted a $10,000,000 reward for information leading to the locations of Vladislav Yevgenyevich Borovkov, Denis Igorevich Denisenko, Yuriy Fedorovich Denisov, Dmitriy Yuryevich Goloshubov, Nikolay Aleksandrovich Korchagin, and Amin Timovich Stigal.[10][11]
Activities
[edit]Unit 29155 was linked — by the investigative Bellingcat website using OSINT (open-source intelligence) — to the attempted assassinations of Bulgarian arms dealer Emilian Gebrev in April 2015 and the former GRU Colonel Sergei Skripal in March 2018, both possibly overseen by the same agent.[12] According to Ben Macintyre in the London Times in December 2019, the unit is believed to be responsible for a destabilisation campaign in Moldova and a failed pro-Serbian coup plot in Montenegro in 2016 including an attempt to assassinate the Prime Minister Milo Đukanović and occupy the parliament building by force.[13][14] Russia has denied all accusations.[15]
The men mentioned by Czech police in relation to 2014 Vrbětice ammunition warehouses explosions were the same men identified by Bellingcat in the Skripal poisoning case.[16]
2014 Vrbětice ammunition warehouses explosions
[edit]Andrej Babiš, the prime minister of Czechia, announced on 17 April 2021 that Unit 29155 was behind the 2014 Vrbětice ammunition warehouses explosions, which resulted in the death of two Czech citizens and damage exceeding CZK 1 billion.[17] Czech police was seeking information from the public on two suspects: Alexander Mishkin (aka Alexander Petrov), Anatoliy Chepiga (aka Ruslan Boshirov).[18] On April, 29 2024 Police of the Czech Republic announced the completion of the investigation of explosions, stating that it considered it proven that the explosions were carried out by GRU.[19] In May 2024, the commander of Unit 29155, Averyanov, was declared wanted by the Czech Police.[20][21]
Alleged bounty program
[edit]In 2020, a CIA assessment reported that Unit 29155 operated a Russian bounty program that offered cash rewards to Taliban-linked militants to kill U.S. and other coalition soldiers in Afghanistan.[22][23] The assessment said several US military personnel died as a result of a bounty program.[24] According to the New York Times, on 1 July, the National Intelligence Council produced a document in which various intelligence agencies assessed the credibility of the existence of a bounty program based on the available evidence, gleaned in part from interrogations of captured Islamist militants by Afghanistan's government.[25] Anonymous officials who had seen the memo said that the "C.I.A. and the National Counterterrorism Center had assessed with medium confidence—meaning credibly sourced and plausible, but falling short of near certainty"—that bounties had been offered. Other parts of the intelligence community, including the National Security Agency, said they "did not have information to support that conclusion at the same level", and so had lower confidence in the conclusion.[26] Both Russia and the Taliban have denied the existence of a program.[22][27] In July 2020, Defense Secretary Mark Esper said that General Kenneth McKenzie and General Scott Miller, the top U.S. military commander in Afghanistan, did not think "the reports were credible as they dug into them."[28] General Kenneth McKenzie, the commander of U.S. Central Command, said that he found no "causative link" between reported bounties to actual U.S. military deaths.[28] In April 2021, the U.S. government reported that the U.S. intelligence community only had "low to moderate confidence" in the bounty program allegations.[29][30]
Alleged connection to Havana syndrome
[edit]In April 2024, 60 Minutes, Der Spiegel and The Insider published a ″joint investigation″ which alleges that Unit 29155 is connected to cases of "Havana syndrome", where U.S. employees or their family members have experienced symptoms in the range from pain and ringing in the ears to cognitive dysfunction.[31] Among the core findings of the yearlong collaboration of Roman Dobrokhotov, Christo Grozev and Michael Weiss were that senior members of the unit received awards and political promotions for work related to the development of non-lethal acoustic weapons; and that members of the unit have been geolocated to places around the world just before or at the time of reported incidents.[31] The Kremlin Press Secretary dismissed the report as "nothing more than baseless, unfounded accusations by the media."[32] In response to the report, the White House Press Secretary continued to back a March 2023 report by the National Intelligence Council that an enemy adversary was unlikely.[33]
Russo Ukrainian War
[edit]Beginning in 2020 to support Russia's efforts in the Russo-Ukrainian War, many cyber attacks on Ukraine and the countries of NATO allegedly were conducted by GRU 161st Specialist Training Center (Unit 29155), which is responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020, that often used multiple families of destructive wiper malware including "WhisperGate." The United States Justice Department indicted six individuals associated with GRU Unit 29155 who were the five GRU officers Vladislav Borovkov (Russian: Владислав Боровков), Denis Igorevich Denisenko (Russian: Денис Игоревич Денисенко), Yuriy Denisov (Russian: Юрий Денисов), Dmitry Yuryevich Goloshubov (Russian: Дмитрий Юрьевич Голошубов), and Nikolay Aleksandrovich Korchagin (Russian: Николай Александрович Корчагин) and one civilian Amin Timovich Stigal (Russian: Амин Тимович Стигаль; born 10 January 2002, Grozny). Also, the United States Department of State Diplomatic Security Service Rewards for Justice offers up to $10 million for information about these six individuals associated with GRU Unit 29155.[34][35][36][37][38][39][40][41][42][43][44][a]
See also
[edit]- Advanced persistent threat or APT
- PLA Unit 61398, "APT 1"
- PLA Unit 61486
- Russian interference in the 2016 Brexit referendum
- Poison laboratory of the Soviet secret services
- Sandworm
Notes
[edit]References
[edit]- ^ a b c d e f Schwirtz, Michael (2019-10-08). "Top Secret Russian Unit Seeks to Destabilize Europe, Security Officials Say". The New York Times. ISSN 0362-4331. Retrieved 2022-07-31.
- ^ a b c Schwirtz, Michael (22 December 2019). "How a Poisoning in Bulgaria Exposed Russian Assassins in Europe". The New York Times.
- ^ "The Dreadful Eight: GRU's Unit 29155 and the 2015 Poisoning of Emilian Gebrev". Leicester, England: Bellingcat. 23 November 2019. Archived from the original on 23 November 2019.
- ^ Отравительная восьмерка. Как и зачем 8 сотрудников ГРУ пытались отравить «Новичком» болгарского предпринимателя Гебрева [Poisonous Eight. How and why 8 GRU employees tried to poison the Bulgarian entrepreneur Gebrev with "Novichok"]. The Insider (in Russian). 23 November 2019. Archived from the original on 4 December 2019.
- ^ Janjevic, Darko (5 December 2019). "Russia posted GRU agents in French Alps for EU ops — report". Deutsche Welle (DW). Retrieved 6 December 2019.
- ^ Bremner, Charles (6 December 2019). "Russian assassins hid out in Alpine ski resorts". The Times. London. Retrieved 6 December 2019.
- ^ Rakuszitzky, Moritz (14 February 2019). "Third Suspect in Skripal Poisoning Identified as Denis Sergeev, High-Ranking GRU Officer". Bellingcat.
- ^ Andrew S. Bowen (November 24, 2020). Russian Military Intelligence: Background and Issues for Congress (PDF) (Report). Congressional Research Service. Retrieved July 21, 2021.
- ^ Mackinnon, Amy. "What's This Unit of Russian Spies That Keeps Getting Outed?". Foreign Policy. Archived from the original on July 2, 2020.
While Unit 29155 is often described as secretive, its tradecraft has at times been sloppy, including implausible cover stories and repeated use of the same aliases. [...] "We only know the failures, because they fail a lot. They may be doing a lot of other things that we don't know about," said Aric Toler, who heads up Bellingcat's investigations in Eastern Europe.
- ^ https://www.fbi.gov/wanted/cyber/gru-29155-cyber-actors#:~:text=Vladislav%20Yevgenyevich%20Borovkov%2C%20Denis%20Igorevich,2020%20and%20August%20of%202024.
- ^ https://www.justice.gov/opa/pr/five-russian-gru-officers-and-one-civilian-charged-conspiring-hack-ukrainian-government
- ^ "8 Russian Agents Linked to Bulgaria Poisoning – Bellingcat". The Moscow Times. 25 November 2019. Retrieved 6 December 2019.
- ^ Macintyre, Ben (6 December 2019). "Smersh spy-killers are back in business". The Times. London. Retrieved 6 December 2019.
- ^ "Serbs Convicted in Montenegro Return Home Awaiting Appeals". Balkan Insight. 13 May 2019.
- ^ "Montenegro Seeks to Lure More Russian Tourists". Balkan Insight. 16 March 2018.
- ^ "Senior GRU Leader Directly Involved With Czech Arms Depot Explosion". Bellingcat. 2021-04-20. Retrieved 2021-04-24.
- ^ "Exkluzivně: Rusové podezřelí z výbuchu ve Vrběticích jsou ti, kteří otrávili agenta Skripala" [Exclusive: Russians suspected of an explosion in Vrbětice are those who poisoned Agent Skripal]. www.seznamzpravy.cz. 17 April 2021. Retrieved 2021-04-17.
- ^ "Národní centrála proti organizovanému zločinu SKPV, žádá..." [National Central Office against Organized Crime SKPV, asks...]. Twitter. Retrieved 2021-04-17.
- ^ "Ukončení prověřování výbuchů muničních skladů ve Vrběticích" [Completion of the investigation of the explosions of ammunition warehouses in Vrbětice]. Police of the Czech Republic (in Czech). 2024-04-29. Archived from the original on 2024-04-29.
- ^ Чехия объявила в розыск за организацию взрывов во Врбетице известного по расследованиям The Insider ГРУшника Аверьянова [Czechia has declared wanted for organizing Vrbětice explosions the GRU agent Averyanov known from The Insider's investigations]. The Insider (in Russian). 11 May 2024. Archived from the original on 11 May 2024.
- ^ "Hledaný muž: AVERIYANOV ANDREY" [Wanted man: AVERIYANOV ANDREY]. Police of the Czech Republic (in Czech). Retrieved 2024-05-11.
- ^ a b Nakashima, Ellen; DeYoung, Karen; Ryan, Missy; Hudson, John (28 June 2020). "Russian bounties to Taliban-linked militants resulted in deaths of U.S. troops, according to intelligence assessments". The Washington Post. Retrieved 29 June 2020.
- ^ "U.S. commander: Intel still hasn't established Russia paid Taliban 'bounties' to kill U.S. troops". NBC News. September 14, 2020.
- ^ Savage, Charlie; Schmitt, Eric; Schwirtz, Michael (27 June 2020). "Russia Secretly Offered Afghan Militants Bounties". The New York Times. Retrieved 27 June 2020.
- ^ Rivkin, David B. Jr.; Beebe, George S. (July 5, 2020). "Opinion: Why we need a little skepticism, and more evidence, on Russian bounties". The Hill.
- ^ Savage, Charlie; Schmitt, Eric; Callimachi, Rukmini; Goldman, Adam (3 July 2020). "New Administration Memo Seeks to Foster Doubts About Suspected Russian Bounties". The New York Times. Retrieved 5 July 2020.
- ^ Brennan, David (29 June 2020). "What Is Unit 29155? The Russia Intel Branch Accused of U.S. Troop Bounties". Newsweek. Retrieved 29 June 2020.
- ^ a b Martinez, Luis (July 10, 2020). "Top Pentagon officials say Russian bounty program not corroborated". ABC News.
- ^ Rawnsley, Adam; Ackerman, Spencer (April 15, 2021). "U.S. Intel Walks Back Claim Russians Put Bounties on American Troops". The Daily Beast. Archived from the original on September 23, 2021. Retrieved April 15, 2021.
- ^ Ken Dilanian and Mike Memoli (April 15, 2021). "Remember those Russian bounties for dead U.S. troops? Biden admin says the CIA intel is not conclusive". NBC News. Archived from the original on June 5, 2021. Retrieved April 16, 2021.
- ^ a b Dobrokhotov, Roman; Grozev, Christo; Weiss, Michael (31 March 2024). "Unraveling Havana Syndrome: New evidence links the GRU's assassination Unit 29155 to mysterious attacks on U.S. officials and their families". The Insider. Retrieved 2024-04-01.
- ^ "Kremlin dismisses report Russia behind 'Havana Syndrome'". Reuters. 2024-04-01. Retrieved 2024-07-10.
- ^ "US not moved by report blaming Russia for 'Havana Syndrome'". Voice of America. 2024-04-01. Retrieved 2024-07-10.
- ^ Бовсуновская, Карина (Bovsunovskaya, Karina) (4 October 2024). "Российские хакеры пытались атаковать правительственные учреждения США" [Russian hackers tried to attack US government agencies]. УНІАН (unian.net) (in Russian). Archived from the original on 9 October 2024. Retrieved 9 October 2024.
{{cite news}}
: CS1 maint: multiple names: authors list (link) - ^ Гичко, Марта (Gichko, Marta) (6 June 2024). "США и союзники обвинили Россию в кибератаках на Украину и НАТО: Речь идет о серии кибератак на Украину и другие страны, совершенных накануне вторжения и ранее" [The United States and allies have accused Russia of cyberattacks on Ukraine and NATO: We are talking about a series of cyber attacks on Ukraine and other countries committed on the eve of the invasion and earlier.]. УНІАН (unian.net) (in Russian). Archived from the original on 9 October 2024. Retrieved 9 October 2024.
{{cite news}}
: CS1 maint: multiple names: authors list (link) - ^ Miller, Maggie (9 May 2024). "US, allied nations accuse Russia of cyberattacks against Ukraine and NATO: Hacking efforts as part of this campaign began in 2020, and included attacks on Ukrainian groups ahead of Russia's invasion, along with critical infrastructure organizations in NATO member states". Politico. Archived from the original on 6 September 2024. Retrieved 9 October 2024.
- ^ "США объявило награду в $10 млн за чеченского хакера, связанного с ГРУ — он помогал атаковать инфраструктуру Украины" [US announces $10 million reward for Chechen hacker linked to GRU who helped attack Ukrainian infrastructure]. The Insider (theins.ru) (in Russian). 27 June 2024. Archived from the original on 9 October 2024. Retrieved 9 October 2024.
- ^ Купфер, Мэттью (Kupfer, Matthew) (18 July 2024). "Семейный бизнес: США обвинили в киберпреступлениях отца и сына из РФ. «Голос Америки» узнал детали их биографий" [Family Business: US Accuses Russian Father and Son of Cybercrimes. Voice of America Learns Details of Their Biographies]. VOA (in Russian). Archived from the original on 21 July 2024. Retrieved 9 October 2024.
{{cite news}}
: CS1 maint: multiple names: authors list (link) - ^ "Amin Stigal". United States Department of State Diplomatic Security Service: Rewards for Justice. Archived from the original on 30 September 2024. Retrieved 9 October 2024.
- ^ "Attribution of Russia's Malicious Cyber Activity Against Ukraine". United States State Department. 10 May 2022. Archived from the original on 10 May 2022. Retrieved 9 October 2024.
- ^ "Reward up to 10 million dollars for information on Russian military intelligence officers". United States Department of State Diplomatic Security Service: Rewards for Justice. 5 September 2024. Archived from the original on 9 October 2024. Retrieved 9 October 2024.
- ^ "GRU Officers – Unit 29155". United States Department of State Diplomatic Security Service: Rewards for Justice. Archived from the original on 9 October 2024. Retrieved 9 October 2024.
- ^ "Update: Destructive Malware Targeting Organizations in Ukraine. Alert Code:AA22-057A". Cybersecurity and Infrastructure Security Agency (cisa.gov). 28 April 2022. Archived from the original on 6 September 2024. Retrieved 9 October 2024.
- ^ a b "Russian Military Cyber Actors Target US and Global Critical Infrastructure. Alert Code:AA24-249A". Cybersecurity and Infrastructure Security Agency (cisa.gov). 5 September 2024. Archived from the original on 6 September 2024. Retrieved 9 October 2024.