xorl %eax, %eax

Russia’s Cyber Operations Groups


Some time ago I published a post in which I briefly discussed some of the best-known APT aliases associated with specific government organizations of the Russian Federation. Since a lot of additional information has recently been released by official sources (US and UK governments), I decided to turn this into a more thorough diagram.

The sources used are listed below.

I hope that they weren’t wrong, but if you notice any mistakes, missing details or incorrect information, please let me know so I can update it accordingly.

Last update: 17 MAY 2023

Sources

ChangeLog

  • Version 5.8 (17 May 2023): Fixed Turla/SNAKE attribution (thanks to will)
  • Version 5.5 (17 May 2023): Added Military Unit 33949 (from US DoJ)
  • Version 5.0 (24 February 2023): Added Military Unit 43753 (from US DoJ)
  • Version 4.6 (07 April 2022): Added the insignia of FSB’s 16th Centre (from UK gov)
  • Version 4.5 (01 April 2022): Added the FGUP TsNIIKhM
  • Version 4.0 (28 March 2022): Updated the FSB’s 16th Center
  • Version 3.5 (04 November 2021): Added 4th Section of SCO
  • Version 3.0 (25 April 2021): Reordered the diagram to be easier to read
  • Version 2.5 (25 April 2021): Added the missing parent organizations
  • Version 2.2 (24 April 2021): Added the missing flag
  • Version 2.0 (19 April 2021): Separated 6th Dir. centers (thanks to @WylieNewmark)
  • Version 1.0 (16 April 2021): First publication.

Written by xorl

April 16, 2021 at 15:31

2 Responses


  1. Turla is under the 16th center according to the document https://web.archive.org/web/20230510081641/https://flashpoint.io/wp-content/uploads/Application-for-Search-Warrant-Snake-Malware-Network.pdf
    Please don’t post my comment, thanks.

    will

    May 17, 2023 at 12:55

  2. You’re right, that was the previous attribution. As per the US government: https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_1.pdf it’s the 16th Center. I’ll update it.

    Thank you!

    xorl

    May 17, 2023 at 18:09

