Threat Intel

OPSEC is hard! Doing things that are covert is expensive and time consuming. Being invisible in today’s digital age is very hard. Operating covertly in plain sight it also hard.

Everything about this “stuff” is hard, except sometimes maybe it’s just viewed as “it’s hard and expensive” so why even bother, or conversely… maybe the objective can be “we want people to know it was us.”

Either way there’s some interesting reading if we look at “cyber” and “opsec”. For the minute I’ve just started to collect a list of links to articles which show some of the ways opsec failures have occurred in the past in relation to the GRU.

The Moscow rules – Wikipedia

Visual guide: how Dutch intelligence thwarted a Russian hacking operation | Russia | The Guardian

(Cyber) GRU (XII): OPSEC (

Hackers-Are-Humans-Too-Partial-Redacted.pdf.pdf (

Guccifer 2.0’s Slip-Up Shows That Even Elite Hackers Make Mistakes | WIRED

Why Russia’s GRU military intelligence service is so feared – BBC News

305 Car Registrations May Point to Massive GRU Security Breach – bellingcat

After many opsec fails, Russia seeks to ban soldier social media spoilers | Ars Technica

The GRU’s MH17 Disinformation Operations Part 1: The Bonanza Media Project – bellingcat

Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace | OPA | Department of Justice

Elite Russian Sandworm Hackers’ Epic OPSEC Problem (

Skripal Suspects Confirmed as GRU Operatives: Prior European Operations Disclosed – bellingcat

British military bases issue security alert after Russian TV crew accused of spying outside cyber warfare HQ | The Independent | The Independent

As we can see there’s a mixture of areas here from espisionage, electronic warfare, information operations, computer network exploitation (CNE) and computer network attacks (CNA).


Ok so this is really just a collection of examples for people to look at, it’s not just the GRU who have opsec challenges. Every countries military, intelligence services and defence contractors do, because opsec is hard, and data is like oil, it gets everywhere, is messy and is hard to clean up! And as mentioned above, there might be reasons why someone wants something to be attributable to them.