Russia’s secret school for hackers

Many universities have career fairs. At Bauman Moscow State Technical University, however, a special group of students appears to have something very unusual: a pipeline to some of the most notorious state-sponsored hacking groups in the world.

A new investigation by a consortium of journalists from The Guardian, Der Spiegel, Le Monde, and The Insider, among others, has lifted the lid on a secret unit within a prestigious Russian technical university – one that has spent years training students to become hackers for Russian military intelligence.

Journalists were able to obtain a large cache of 2,000 internal documents that revealed some of the secret activities, including “Department 4” – a unit with a name that seems deliberately forgettable, based at Bauman’s military training center, where the GRU appears to shop for new talent.

Russia’s military intelligence service, the GRU, directly controls who enters Department 4, according to the leak. It is the GRU that oversees the exams and the assignment of graduates, and some promising students are tested while still in high school.

A core course called “Defending against hacking” covers password attacks, software vulnerabilities, and trojan horses. Students are asked to take practical entry tests, and one module is entirely dedicated to computer viruses, with students required to write their own virus as part of the test. They probably get extra marks for not infecting their instructor’s laptop.

In addition, there are lessons in classic James Bond-style surveillance, covering hidden surveillance devices such as smoke detectors, portable keyloggers, and cables that silently send screenshots to a hidden drive.

Among the 69 students who are reported to have graduated from Department 4 in 2024 is Daniil Porshin. He spent six years at Bauman, receiving almost perfect grades. Upon graduation, he was allegedly assigned to the Fancy Bear hacking group, which the US Department of Justice has linked to the hacking of the Democratic National Committee.

Fifteen other students found themselves assigned to hacking groups, including one who appears to have been assigned to Unit 74455 (better known as Sandworm) – the GRU group blamed by Western governments for attacks on the Ukrainian power grid, Emmanuel Macron’s 2017 presidential campaign, and the 2018 Winter Olympics.

It’s worth noting that not everyone makes the grade, with one student being tested by a senior GRU official to “have enough understanding to carry out a long-range network attack.”

According to the documents, one of the teachers of Department 4 is Major General Viktor Netyksho. If that name sounds familiar to you, it’s likely because he was indicted by Robert Mueller over the DNC hack. It looks like he’s gone from running the Fancy Bear hacking gang to helping train their successors.

The report is a useful reminder that the threat posed by groups like Fancy Bear and Sandworm is serious and systemic. Russia runs a state-sponsored, government-directed production line for hackers – complete with lecture theaters, exam boards, and a constant supply of new recruits.

All of this means that those responsible for protecting their organizations from cybercriminals cannot rest easy.

Integrate your systems, enable multi-factor authentication, partition your network, log work, train your staff, perform regular backups, perform penetration tests against your organization to see where your weak points might be, and more.

It may be impossible to stop serious GRU-trained hackers, bent on breaking into your organization’s IT infrastructure, from finding a way in – but make sure you do everything you can to make it as difficult as possible for them, and minimize any damage they might be able to cause.
