The Russian SVR, or Sluzhba Vneshney Razvedki (Foreign Intelligence Service), is one of the primary intelligence agencies in Russia. Established in 1991, following the dissolution of the Soviet Union, the SVR took over the foreign intelligence responsibilities of its predecessor, the First Chief Directorate (PGU) of the KGB (Committee for State Security), the Soviet Union’s main security and intelligence agency during the Cold War. The SVR was officially created on December 18, 1991, by a presidential decree signed by Boris Yeltsin. Its establishment was part of the broader restructuring and demilitarization of Soviet institutions as the country transitioned to a new political and economic system.
In the post-Cold War era, the SVR adapted to new geopolitical realities. While it retained a focus on traditional intelligence gathering, it also expanded its efforts to counter terrorism, monitor arms control agreements, and assess global political and economic developments. The SVR operates worldwide, with a primary mission to collect foreign intelligence for the Russian government. This includes monitoring the activities of other nations, analyzing global political trends, and providing actionable intelligence to Russian policymakers. The SVR works closely with other Russian intelligence and security agencies, such as the FSB (Federal Security Service) and the GRU (Main Intelligence Agency of the General Staff of the Armed Forces). Each agency has distinct areas of responsibility, and they collaborate to address national security concerns. The SVR continues to play a significant role in shaping Russia’s foreign policy by providing crucial information and analysis to the country’s leadership. As with many intelligence agencies, the SVR’s activities often operate in the shadows, and much of its work remains classified.
Cozy Bear
APT29, also known as Cozy Bear or The Dukes, is a sophisticated and well-known Advanced Persistent Threat group associated with state-sponsored cyber-espionage. APT29 is believed to be involved in intelligence-gathering activities and has been linked to the SVR. Security researchers and intelligence agencies have identified patterns in its tactics, techniques, and procedures (TTPs) that align with Russian cyber capabilities and interests. APT29 has targeted a variety of Western organizations, including government entities, think tanks, and diplomatic institutions. The group's campaigns have focused on stealing sensitive information and intelligence from its targets.
Cozy Bear is primarily known for engaging in cyber-espionage. The group employs sophisticated methods such as spear-phishing, malware, and other advanced techniques to gain unauthorized access to target networks and maintain a long-term presence for intelligence-gathering purposes. APT29 uses a range of custom and advanced malware toolsets for its operations. The CozyDuke and CozyCar malware families are among the notable tools associated with the group. These toolsets are continuously updated and adapted to avoid detection and maintain effectiveness.
APT29’s activities are often aligned with Russia’s geopolitical interests. The group has been implicated in cyber-espionage campaigns related to international conflicts, political events, and diplomatic relations. Cozy Bear gained international attention for its alleged involvement in cyber-espionage activities during the 2016 U.S. presidential election. The group was accused of infiltrating various U.S. government entities and political organizations, such as the Democratic National Committee in 2016 and the Republican National Committee in 2021.