Understanding Russia’s Intelligence Agencies Part 2: The SVR Explained

The SVR’s Role in Espionage, Cyber-Operations and Shaping Russian Foreign Policy

Jeremy Fernandez
Aug 15, 2024

Introduction

This is part 2 of a 3-part series explaining the different Russian intelligence agencies. In part 1, we discussed the Federal Security Service (FSB), its roles, notable incidents and geopolitical impact. This article will explain the Foreign Intelligence Service (SVR) in the same format.

While the FSB focuses on protecting Russian borders and looking after the stability of the country and its “near abroad” neighbors, the SVR’s focus is on countries outside of Russia. Its primary role is espionage and intelligence collection.

Understanding the SVR, the roles it plays in supporting Russia’s geopolitical agendas and the campaigns it conducts will allow us to better understand how Russian foreign policy is shaped and executed.

Historical Evolution

The SVR is the official foreign-operations successor to several Soviet-era intelligence agencies. It traces its lineage back to the original ‘Foreign Department’ of the Cheka under Vladimir Lenin. Over the years, it was restructured multiple times, including as part of the Joint State Political Directorate (OGPU) and the People’s Commissariat for Internal Affairs (NKVD) of the Stalinist era, before becoming the First Chief Directorate of the Committee for State Security (KGB).

The SVR was officially established in December 1991, alongside the Federal Agency of Government Communications and Information (FAPSI), after the dismantling of the KGB. The disbanding was due to a recent failed coup attempt by its head, Vladimir Kryuchkov.

Under the leadership of Yevgeny Primakov as head of the newly formed SVR, the agency maintained the old KGB foreign intelligence activities without many major reforms. Primakov eventually served as the Minister of Foreign Affairs in 1996 and Prime Minister of Russia in 1998.

Role of the SVR

The SVR is Russia’s foreign intelligence agency, focusing on intelligence and espionage activities outside the Russian Federation. It is involved in various aspects of intelligence gathering, covert operations and “active measures” such as assassination. The SVR also plays a crucial role in shaping Russian foreign policy.

The SVR’s activities are legally supported by the “Law of Foreign Intelligence Organs,” which grants the agency broad powers to fulfill its objectives. This law authorizes the SVR to:

  1. Conduct intelligence;
  2. Implement active measures to ensure Russia’s security;
  3. Conduct military, strategic, economic, scientific and technological espionage;
  4. Protect employees of Russian institutions overseas and their families;
  5. Provide personal security for Russian government officials and their families;
  6. Conduct joint operations with foreign security services;
  7. Conduct electronic surveillance in foreign countries.

According to the Russian Government website, the SVR “is part of the national-security system and is called upon to protect individuals, society and the state from foreign threats.”

Cyber Operations

APT29, also known as Cozy Bear, is a specialized cyber unit within the SVR, responsible for conducting high-profile state-sponsored attacks including:

  1. 2013–present? Operation Ghost: An ongoing espionage campaign by APT29 that has successfully compromised multiple high-value targets, including victims within the Ministry of Foreign Affairs in Europe and the Washington, DC, embassy of a European Union country. These operations show APT29’s focus on infiltrating organizations with strategic geopolitical significance, which ties in with the role of the SVR in shaping Russian foreign policy.
  2. 2016 Democratic National Committee (DNC) hack: APT29, alongside APT28 (part of the GRU), infiltrated the DNC’s network, stealing over 19,000 emails and 8,000 attachments. These emails were leaked by DCLeaks and WikiLeaks and caused a huge controversy, leading to the resignation of key DNC figures and altering the election campaign. U.S. intelligence agencies later concluded that the operation was part of Russia’s efforts to influence the election to sway public opinion and cause internal unrest.
  3. 2019 SolarWinds Hack: APT29 was the culprit of a supply chain attack where they inserted the backdoor “Sunburst” into the SolarWinds Orion Platform. It was subsequently shipped out to unsuspecting victims during software updates, allowing the threat actors to gain privileged access to the systems of its victims. Orion is a network management system used by organizations such as the U.S. Homeland Security, AT&T, Microsoft, Cisco and Deloitte.
  4. 2024 Attack on Microsoft Corporate Email Systems: In January 2024, Microsoft detected an attack by APT29 on their networks. The threat actors successfully got access to a small percentage of their corporate email accounts, including members of senior management and the cybersecurity team. The assessed goal of this particular attack was for APT29 to gather intelligence on Microsoft’s knowledge and assessments of APT29’s activities.

Notable Activities

  • Espionage and the Illegals Program: The Illegals Program was a covert operation where Russian sleeper agents were given false identities and posed as ordinary citizens to embed themselves in U.S. communities. This allowed them to operate undetected while collecting intelligence for Russia. Starting in the late 1980s, the KGB, and later the SVR, expanded their espionage operations by increasingly using legal immigrants and professionals as spies.
  • Cooperation with Foreign Intelligence Services: Russia and China signed a secret intelligence cooperation treaty in 1992, involving the SVR and the Chinese People’s Liberation Army’s Military Intelligence Directorate. It sought to restore the cooperation in the area of intelligence which was cut off in 1959. The SVR also had a hand in training Iraqi spies in specialized counterintelligence techniques to “fight crime and terrorism” in collaboration with then Iraqi President Saddam Hussein.
  • Assassinations Abroad: Soviet-era covert political assassinations were managed by the SVR, and similar activities reportedly continued. Incidents include the 2004 assassination of former acting Chechen president Zelimkhan Yandarbiyev in Qatar and the poisoning of former FSB officer turned defector Alexander Litvinenko in the UK in 2006.
  • Internet Disinformation: SVR officers were tasked to use the New York Public Library’s internet access to place propaganda and disinformation on educational websites and send emails to US broadcasters, aiming to promote a positive image of Russia, incite anti-American sentiments, and cause domestic unrest.

Geopolitical Impact

The operations conducted by the SVR are closely aligned with Russia’s broader foreign policy objectives, with cyber operations and espionage being crucial in advancing Russian geopolitical agendas.

Cyber Operations and Influence Campaigns: The SVR, particularly APT29, has played an important role in campaigns that directly shape geopolitical outcomes. The 2016 DNC hack was a clear example of how cyber operations are used to influence public opinion and alter the political landscape.

Espionage Activities: Russia has been making long-term investments in infiltrating and influencing key geopolitical countries. Strategically placed spies and sleeper agents are used for intelligence collection, potential political leverage, and possibly in hybrid warfare scenarios. The SVR’s cooperation with foreign intelligence agencies also reflects Russia’s aim of expanding its sphere of influence in regions of interest, allowing it to strengthen its geopolitical alliances while counterbalancing Western influence.

Political Assassinations: The SVR’s involvement in high-profile assassinations of figures such as Zelimkhan Yandarbiyev in Qatar and the poisoning of Alexander Litvinenko in the UK shows Russia’s willingness to eliminate threats to the regime even when abroad. It also serves as an intimidation tool to send a clear warning message to dissidents and foreign governments alike.

Internet Disinformation and Propaganda: The SVR’s use of disinformation to manipulate public discourse, especially through the spread of propaganda on U.S. educational websites and news platforms, aligns with Russia’s objective of undermining trust in Western institutions and creating a favorable environment for its foreign policy initiatives. By fueling anti-American sentiment and sowing discord, the SVR indirectly advances Russian geopolitical goals.

Conclusion

The SVR, just like the FSB, plays an important role in advancing foreign policy through espionage, cyber operations and other clandestine operations. Its role in the SolarWinds hack and operations targeting Western nations shows how its activities have a specific focus on advancing Russia’s interests.

By seeing the SVR’s methods and its place within the Russian intelligence ecosystem, we are able to understand how Russia shapes global events through the use of covert influence, cyber operations, and traditional espionage. As global tensions rise, the SVR’s influence on international relations, particularly in the digital domain, will only grow in significance.

Author’s notes:

Part 2 done! For some reason there was less information about the SVR compared to the FSB. I wanted to cover a lot more about APT29 but this article is supposed to be SVR as a whole.

I also recently finished watching “Agents of Chaos”, it’s an HBO documentary about the Russian Troll Farms, the IRA and the DNC Hack. It’s slow paced and about 1 1/2 hours long so it’s the perfect show to watch while having a quiet dinner.
