Ukrainian cybersecurity official reveals structure of Russian hacker groups

Exclusive

Russian hacker groups are code-named military units that belong to the Main Intelligence Directorate of the General Staff and the Federal Security Service of the Russian Federation.

Illia Vitiuk, head of the Cybersecurity Department of the Security Service of Ukraine (SBU), said this in an interview with Ukrinform.

"Hacker groups, also known as APT [advanced persistent threat] groups, operate directly in the staff of the special services. We know their structure. In Russia, the GRU and the FSB are leading in this respect. The GRU has military units that are special units. For example, unit 74455 is SandWorm, and unit 26155 is APT-28. And there are many of them. Each of them specializes in specific directions. SandWorm is engaged in attacks on energy, telecommunications, Internet providers, and communications operators. There are individuals out there who write malware, surf the web, send phishing emails, and more. FSB has 'Armageddon,' 'Turla,' 'Dragonfly.' Each special service has two or three APT groups," he said.

According to Vitiuk, the SandWorm group is headed by Yevgeny Serebryakov. The SBU charged him with carrying out a hacker attack on the Kyivstar mobile communications operator in December 2023.

He noted that the SBU plans to issue suspicion notices against members of the SandWorm group, as well as the heads of the Main Directorate of the General Staff of the Russian Federation.

Vitiuk said that hacker groups in Russia are constantly expanding.

Their only allies in the cyber war are Belarusian hackers.

"At the end of 2022, the Belarusian special services sent their hackers to Russia for internships. They had joint exercises and training, but the role of the Belarusians in the cyber war is insignificant," Vitiuk said.

On December 12, 2023, Ukraine's mobile communications operator Kyivstar became the target of a powerful hacker attack, which led to a technical failure.