The FSB, or Federal Security Service of the Russian Federation (Федеральная Служба Безопасности Российской Федерации in Russian), is the principal security agency and intelligence service of the Russian government. It was established in 1995, succeeding the Federal Counterintelligence Service (FSK) and inheriting many functions of the former KGB (Committee for State Security) following the dissolution of the Soviet Union. The FSB’s primary responsibilities include counterintelligence, counterterrorism, internal security, and surveillance. It serves as the main domestic security agency of Russia and plays a crucial role in safeguarding the country’s internal stability. The FSB is tasked with preventing and investigating espionage, sabotage, and other activities that pose a threat to Russia’s national security. It is responsible for identifying and countering foreign intelligence activities within the country. In addition to counterintelligence, the FSB has a significant role in counterterrorism efforts. It addresses threats posed by domestic and international terrorist organizations, working to prevent attacks and ensuring the safety of Russian citizens.
The FSB has extensive powers related to surveillance and monitoring. It can conduct investigations into individuals or organizations suspected of posing a threat to national security, and it plays a role in monitoring communications and activities. With the increasing importance of cyberspace, the FSB has developed a focus on cybersecurity. It is involved in addressing cyber threats, both domestic and international, and plays a role in protecting critical information infrastructure. The FSB is also involved in matters related to economic security, investigating crimes such as corruption, economic espionage, and other activities that may threaten the economic well-being of the country.
Center 16
Center 16 is a direct descendant of the 16th Directorate of the KGB. Boris Yeltsin dissolved the 16th Directorate upon the fall of the Soviet Union and used it to establish the Federal Agency for Government Communications and Information (FAPSI). FAPSI conducted signals intelligence for the Russian Federation until its deactivation in 2003 and its subordinate elements were used to establish the 16th Center of the FSB.
Center 16, officially known as Military Unit 71330 the Center for Radio-Electronic Intelligence by Means of Communication, is responsible for cyber operations and radio-electronic intelligence. The emblem, featuring a satellite dish and a lightning-struck key, symbolizes its prowess in Signals Intelligence (SIGINT) and cryptographic activities.
Cybersecurity analysts associate two malicious cyber groups to Center 16. The first is known by many names to include Energetic Bear, Berserk Bear, and Dragonfly. The second is known as Venomous Bear, Turla, and Oroboros.
Center 16 has been actively engaged in cyber operations since at least 2010, executing significant campaigns targeting critical infrastructure systems across Europe, the Americas, and Asia. Its Snake malware tools have been identified in espionage operations in over 50 countries. Center 16 is also associated with cyber campaigns targeting Russian dissidents and Putin’s political opponents.
Center 18
The FSB Center for Information Security (TsIB) Military Unit 64829, operates within the FSB 1st Service, responsible for Counter-intelligence operations. The 18th Center for Information Security within the FSB oversees both domestic and foreign operations.
Cybersecurity analysts associate the Malicious Cyber Actor Star Blizzard with this FSB unit. STAR BLIZZARD, also known as SEABORGIUM/Callisto Group/ TA446/ COLDRIVER/ TAG-53/ BlueCharlie, has been actively involved in cyber espionage operations since at least 2019, predominately targeting the U.K. and the U.S. These targets include universities, defense contractors, governmental organizations, NGOs, think tanks and politicians. The group has also been implicated in selectively leaking and amplifying disinformation in the U.K. to sow dissent and spark political distrust. The UK and U.S. have been primary targets, but the group’s activities have extended to various NATO countries and neighboring nations of Russia.
Star Blizzard’s reconnaissance methods involve leveraging open-source resources, such as social media and professional networking platforms, to hook targets, build trust, and gain access to email accounts. The group utilizes sophisticated spear-phishing techniques, evolving their methods to maintain effectivenes. Reports indicate the FSB has the capability to develop advanced malware tools and manipulate exposed malware to disguise their operations.
Key Terrain Cyber is dedicated to the professional development of our cyber workforce and information warfare community. We offer all our programs at no cost to readers, including our professional journal, mentorship and fellowship programs, and information warfare memorial. Our team of unpaid volunteers work hard to keep this site running and appreciate any support you are willing to give us.
There are several ways you can help us spark innovation, disseminate good ideas, and remember our fallen. You can donate to KTC via the paypal button or venmo graphic below and help us cover our operating costs. Buying Key Terrain Cyber merchandise from our webstore is another excellent way to show your support for our programs and look good in the process.
Interested in volunteering your time? Contact us at [email protected] if you want to learn more about becoming a volunteer, staff member, or senior fellow. Finally, you can thank our staff by using the button below to buy us a coffee or a beer.