Fears grow of Russian spies turning to industrial espionage
Alexander Martin September 14, 2022

Fears grow of Russian spies turning to industrial espionage

Fears grow of Russian spies turning to industrial espionage

Russia acknowledged this week that parts of its technology industry are dependent on foreign knowledge and lagging competitors by more than a decade, raising concerns that the country’s cyber spies will be used for industrial espionage.

Experts told The Record that Western companies should be on “full alert” for attacks from Moscow’s intelligence services. President Vladimir Putin has suggested in recent months that the country’s Foreign Intelligence Service (SVR) should support technological development as the country deals with mounting sanctions.

The admission about the state of Russia’s microelectronics industry is contained in a new strategic policy document from the Ministry of Industry and Trade, reported Tuesday by Kommersant. It lists a number of acute problems facing Russia’s domestic technology industry, including its dependence on foreign intellectual property; its lack of production capacity; and Russia being unattractive to investors.

These headwinds were referenced in a speech by Putin to the SVR on June 30 when he stressed the role of the spy agency in mitigating sanctions, while avoiding any direct reference to the invasion of Ukraine.

“As always, one priority area of the SVR’s work is its support of the industrial and technological development of our country; the strengthening of our defense potential. This effort is always acute, particularly now amidst attempts to apply sanctions pressure on Russia,” Putin said in June

“In that regard, we all know well that the Soviet Union, and even before it, the country always lived under the conditions of such sanctions. One way or another, they have always tried to contain us,” he added.

Keir Giles, a senior consulting fellow at Chatham House’s Russia and Eurasia Programme, told The Record he would be “startled, alarmed and dismayed” if Western companies “were not already fully on alert” for such espionage.

“I think it’s another of those ones where we’ve forgotten just how busy the Russian intelligence services always were during Soviet times doing precisely this, trying to steal technological secrets from the West because they were unable to develop things themselves,” Giles added.

Gavin Wilde, a senior fellow at the Carnegie Endowment for International Peace and a former director for Russia at the U.S. National Security Council, provided the translation of Putin’s comments for The Record and said: “Left unstated in this allusion to a bygone era is that in many ways, Moscow is more economically and politically isolated than ever.”

“As in so many other things, it’s Russia reverting to long-standing practice — if of course they had ever abandoned it. I would be surprised if that had ever been de-prioritised in the Russian intelligence services,” said Giles, the author of a forthcoming book titled Russia’s War on Everybody due to be published in November. 

“It could just be a factor of they’re actually mentioning it now, which is different than us noticing it more now along with everything else that Russia has always been doing, but is now more of a focus of attention.”

Difficulties at the SVR

Putin’s speech was delivered at the SVR headquarters in Moscow as part of commemorations for the centennial of its “illegals” program, which deploys undeclared intelligence officers abroad living under false identities.

In a major upset for the agency, ten of these spies — including Anna Chapman — were arrested in 2010 by the FBI. Another suspected member of that spy ring — who was deported for immigration violations without being charged with espionage — worked as a software tester for Microsoft.

Russian president Vladimir Putin speaking at the Foreign Intelligence Service headquarters in June.

It is not known whether this man had intended to spy on Microsoft itself or if his employment at the company was part of his cover. A federal law enforcement official told The Washington Post that he “was just in the early stages… had just set up shop” at the time the group was rolled up.

Further setbacks to the SVR’s human operations include the more recent shutting of Russia’s consulates in Seattle and San Francisco in response to the country’s interference in the 2016 presidential election and the attempted assassination of Sergei Skripal in the UK.

“In general I’d wager the San Francisco and Seattle consulates were prime locations for collection on tech companies, so their closure was probably a hit to Moscow’s level of insight,” said Wilde. “The raft of recent expulsions and exposures have made the environment for SVR human operations less and less permissive, likely lending impetus to SVR’s cyber-enabled espionage.”

Despite the impact on its in-person espionage, the SVR has been credited by Microsoft for pulling off “the most sophisticated nation-state [cyber] attack in history” through the SolarWinds supply-chain breach in 2020.

The Russian spy agency has traditionally focused on government departments, NGOs and think-tanks as its intelligence targets — in contrast to hackers allegedly working on behalf of the Chinese government who have been accused of stealing commercially viable intellectual property from U.S. businesses.

However it is not clear whether Russia could effectively use the stolen IP to meet the challenges described in the Kommersant report.

Carnegie’s Wilde said that regardless of whether the SVR deployed cyber or human resources, Russia’s ability to turn its intelligence into something valuable had “certainly diminished relative to the glory days of the KGB”.

Despite Putin’s speech, the SVR’s cyber espionage group — tracked as Nobelium by Microsoft and APT29 by Mandiant — does not appear to have changed from targeting victims who offer political and foreign policy insights.

As recently as last month, Microsoft Threat Intelligence Center (MSTIC) said that Nobellium “remains highly active” but was targeting government organizations alongside NGOs and IGOs across the U.S., Europe and Central Asia.

Mandiant, now part of Google Cloud, told The Record that it had “observed fewer intrusions of U.S.-based organizations by APT29 in 2022 compared to prior years.”

“They have been deliberate in their targeting and have continued multi-year attacks of specific organizations with data of interest to the Russian government,” Charles Carmakal, the company’s senior vice president and chief technical officer, told The Record.

“They continue to develop and leverage novel tradecraft that makes it very difficult for network defenders to detect when they penetrate victim environments.”

Wilde told The Record that Putin’s speech was essentially a “warning” to the intelligence service against “wishful thinking” given the new geopolitical realities.

“His explicit charge, however, seems willfully ignorant of the insurmountable barriers to Russia’s technological self-sufficiency,” Wilde added. “Moscow now has essentially two options: illicitly pilfer the componentry and know-how it needs from abroad or deepen its dependency on exploitative and problematic ‘friends’ like China and Iran.

“Neither approach is really scalable to Moscow’s aspirations, and there isn’t really a third option.”

Alexander Martin is the UK Editor for The Record. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.