Main Directorate of the General Staff

Audio readout of this profile.

Overview

The Main Directorate of the General Staff of the Armed Forces of the Russian Federation — formally renamed the GU in 2010, but continuing in popular and journalistic use as the GRU (Glavnoye Razvedyvatelnoye Upravlenie, "Main Intelligence Directorate") — is Russia's military-intelligence service. Among the three principal Russian intelligence services, it is the only one with a continuous institutional lineage extending back through the entire Soviet period, having been established in 1918 under the direction of People's Commissar for Military and Naval Affairs Leon Trotsky as the intelligence component of the Red Army's General Staff.¹

The Service is responsible for military intelligence at the strategic, operational, and tactical levels; signals-intelligence collection through dedicated units; the conduct of clandestine military human-intelligence operations through illegal residencies; and — uniquely among the Russian intelligence services — paramilitary and direct-action operations through Special Forces (Spetsnaz) brigades subordinate to it. It is headquartered at Khoroshevskoye Shosse 76 in northwest Moscow, in a complex known in journalistic and defector accounts as "the Aquarium."²

The Service is led by a Chief who is a senior officer of the Armed Forces, holding the rank of Colonel-General, General of the Army, or equivalent naval rank, and reports through the Chief of the General Staff and the Minister of Defence.

History & Origins

The Service was established on 5 November 1918 by Soviet Republic Order No. 197/27 as the Registration Directorate of the Field Staff of the Republic, under the supervision of People's Commissar for Military and Naval Affairs Leon Trotsky. The directorate was reorganised and renamed multiple times across the Soviet period, most enduringly as the Main Intelligence Directorate (GRU) of the General Staff from 1942 onward.³

The Soviet GRU operated in continuous parallel to the foreign-intelligence apparatus of the Cheka / OGPU / NKVD / KGB lineage, a doctrinal separation between civilian and military intelligence that has continued in the post-Soviet period. The two services maintained distinct but overlapping foreign-intelligence networks, distinct cipher and signals capabilities, and distinct illegal residencies — a duplication that successive Soviet leaders, including Yuri Andropov, attempted but failed to consolidate.⁴

The Service was renamed Main Directorate (GU) of the General Staff in 2010 as part of the broader reorganisation of the Russian Armed Forces under President Dmitry Medvedev and Defence Minister Anatoly Serdyukov. The "GRU" designation was formally retired but continued in popular Russian and Western journalistic and intelligence-community usage; the "GRU" designation remains in popular and journalistic usage.⁵

The 2014 Russian operations in Ukraine — the annexation of Crimea, the operations in eastern Ukraine, and the deployment of unmarked "little green men" identified by Ukrainian and Western governments as Russian Spetsnaz — produced the most consequential public exposure of the Service in the post-Soviet period. The 2018 Salisbury attack, the 2018 Mueller indictment of twelve named GRU officers, the Czech attribution of the 2014 Vrbětice arms-depot explosions to GRU Unit 29155, and successive cyber attributions have produced a sustained period of Western-government public attribution unprecedented in the Service's history.⁶

Mandate & Jurisdiction

The Service's authorities derive from the Federal Law "On Defence" of 1996, the Federal Law "On Foreign Intelligence" of 1996, and successive General Staff orders. Its statutory functions are:

• military intelligence at the strategic, operational, and tactical levels in support of the Armed Forces and the Russian state;
• signals-intelligence collection on military and military-relevant targets;
• conduct of clandestine military human-intelligence operations abroad;
• conduct of authorised special-operations and reconnaissance activities through subordinate Spetsnaz units;
• support to the operations of the Russian Armed Forces.⁷

The Federal Law on Foreign Intelligence specifically recognises the Service as an authorised foreign-intelligence body alongside the SVR, with the Service's remit limited to military and military-relevant subjects. In practice, the boundary between SVR and GRU foreign operations is contested.

Notable Operations

Confirmed "Little green men" in Crimea (2014). The unmarked Russian military personnel who took control of key facilities in Crimea in late February and early March 2014, prior to the annexation referendum, were initially denied by the Russian Federation as Russian forces; in an April 2014 interview President Putin acknowledged that Russian "polite people" had been deployed. Subsequent Russian, Ukrainian, and Western public-record analysis has attributed substantial elements of the operation to GRU Spetsnaz units.⁸

Alleged Vrbětice ammunition-depot explosions (2014, Czech Republic). The October 2014 explosions at a Czech Army ammunition depot at Vrbětice, which killed two Czech contractors. In April 2021 the Czech Government attributed the explosions to GRU Unit 29155 and expelled eighteen Russian diplomats. The attribution rested on Czech intelligence work identifying GRU officers — including individuals also identified in the 2018 Salisbury attribution — present in the country at the time. The Russian Federation has denied the attribution.⁹

Alleged Salisbury Novichok attack (2018). The 4 March 2018 nerve-agent poisoning of Sergei Skripal — a former GRU officer who had previously been a UK intelligence agent and had been released to the United Kingdom in the 2010 Vienna exchange — and his daughter Yulia in Salisbury, England. Both survived; the British civilian Dawn Sturgess subsequently died from contact with the discarded Novichok-containing perfume bottle. The UK Government's 14 March 2018 attribution identified the operation as the work of two GRU Unit 29155 officers; subsequent Bellingcat / Insider / Der Spiegel open-source investigation identified the operatives, named as "Petrov" and "Boshirov," as Anatoly Chepiga and Alexander Mishkin and identified a third GRU officer involved in the operation, subsequently named by the UK Crown Prosecution Service (September 2021) as Denis Sergeev (alias "Sergey Fedotov"). The Russian Federation has denied the attribution.¹⁰

Confirmed DNC and DCCC cyber operations (2016). The cyber-intrusion operations against the Democratic National Committee, the Democratic Congressional Campaign Committee, and the personal email accounts of senior Hillary Clinton campaign officials, during the 2016 US presidential election. The intrusions were attributed by US Government statements and by the Indictment in United States v. Netyksho et al. of 13 July 2018 — which named twelve GRU officers from Units 26165 (cyber-intrusion) and 74455 (information operations) — to the GRU.¹¹

Alleged NotPetya cyber attack (2017). The 27 June 2017 deployment of the NotPetya destructive malware, distributed initially through the Ukrainian accounting software M.E.Doc. The attack caused approximately US$10 billion in global damage. UK and US Government statements of February 2018 attributed the operation to the GRU; the US Department of Justice unsealed indictments of named GRU Unit 74455 officers in October 2020.¹²

Confirmed Operations in Ukraine (post-February 2022). The Service's operations in support of the full-scale Russian invasion of Ukraine that began on 24 February 2022 have been the subject of sustained public-record analysis based on captured documents, intercepted communications, and successive Ukrainian and Western government statements. Ukrainian sources, the Royal United Services Institute, and the International Institute for Strategic Studies have produced detailed assessments of GRU pre-invasion intelligence preparation and post-invasion operational performance.¹³

Controversies & Abuses

Alleged Unit 29155 — pattern of sustained foreign direct-action operations. Multiple reputable investigative outlets — The New York Times, Bellingcat, Insider, Der Spiegel, and BBC investigations — have identified GRU Unit 29155 as the unit responsible for a pattern of foreign direct-action operations including the 2018 Salisbury attack, the 2015 attempted poisoning of Bulgarian arms dealer Emiliyan Gebrev, the Vrbětice explosions, and successive operations in Western Europe. The unit's existence and its identifying officers were progressively documented through a combination of Western intelligence-service disclosure and open-source investigation. The Russian Federation has consistently denied attribution.¹⁴

Alleged Unit 26165 (APT28 / Fancy Bear) — sustained cyber operations. Unit 26165 has been identified by Western intelligence services and private-sector cyber-security firms as the GRU unit responsible for the cyber-intrusion set tracked variously as APT28, Fancy Bear, Strontium, and Forest Blizzard. Operations attributed to the unit include the 2016 DNC intrusions, sustained operations against the Organisation for the Prohibition of Chemical Weapons (disrupted by Dutch authorities in April 2018), the World Anti-Doping Agency, the German Bundestag (2015), and the French TV5Monde broadcaster (2015).¹⁵

Alleged Unit 74455 (Sandworm) — destructive cyber operations. Unit 74455 has been identified as responsible for the cyber-intrusion set tracked as Sandworm / Voodoo Bear, including the 2015 and 2016 attacks on Ukrainian electric-grid infrastructure (BlackEnergy, Industroyer/CrashOverride), the 2017 NotPetya attack, the 2018 Pyeongchang Olympics opening-ceremony attack (Olympic Destroyer), and successive operations against Ukrainian infrastructure during the post-2022 invasion period. The October 2020 US Department of Justice indictment named six GRU Unit 74455 officers.¹⁶

Notable Figures

• Yan Berzin — Chief, 1924–1935 and briefly 1937. Founding-period institution-builder; executed in the Stalinist purges.
• Pyotr Ivashutin — Chief, 1963–1987. Longest-serving Chief of the GRU.
• Igor Sergun — Chief, 2011–2016. Period of the Crimea operation; sanctioned by the United States in 2014.
• Igor Korobov — Chief, 2016–2018. Period of the Salisbury operation and the DNC cyber operations.
• Igor Kostyukov — Chief, 2018–present. The first naval officer (Admiral) to head the GRU; sanctioned by multiple Western governments.

Oversight & Accountability

Oversight of the GRU/GU is exercised by the Chief of the General Staff, the Minister of Defence, the President of the Russian Federation, and the Security Council. The Service is not subject to external civilian audit on the model of comparable Western military-intelligence services; Russian Federal Assembly oversight of the General Staff is more limited than over civilian agencies.

Specific Service personnel and units have been the subject of sanctions by the United States (Executive Order 13694 and successive cyber-related sanctions), the European Union, the United Kingdom, and other Western governments. The 2018 United States v. Netyksho et al. indictment, the 2020 United States v. Andrienko et al. indictment, and the 2018 disruption of GRU Unit 26165's OPCW operation in the Netherlands by Dutch authorities (publicly disclosed 4 October 2018) are the principal public-record judicial and disruption actions taken against the Service to date.¹⁷

Sources & Further Reading

1. Federal Law on Defence (Federal Law No. 61-FZ of 31 May 1996); Federal Law on Foreign Intelligence (Federal Law No. 5-FZ of 10 January 1996); Mark Galeotti, Russia's Military Intelligence and the Future of Russian Strategy, RUSI Whitehall Paper, 2022.
2. Viktor Suvorov, Inside Soviet Military Intelligence (Macmillan, 1984); Mark Galeotti, Putin's Wars: From Chechnya to Ukraine (Osprey, 2022).
3. Soviet Republic Order No. 197/27 of 5 November 1918; Suvorov, op. cit.
4. Christopher Andrew and Vasili Mitrokhin, The Sword and the Shield (Basic Books, 1999); Andrew, The Defence of the Realm (Allen Lane, 2009), sections on parallel Soviet services.
5. Russian Government statements 2010 on the renaming of the GRU to GU; subsequent Russian Ministry of Defence usage.
6. Galeotti, Russia's Military Intelligence, op. cit.; UK Government statement on Salisbury, 14 March 2018; Statement of the Government of the Czech Republic, 17 April 2021.
7. Federal Law No. 5-FZ of 10 January 1996, articles 11–13.
8. Vladimir Putin, "Direct Line with Vladimir Putin," 17 April 2014, Russian Presidential Office transcript; Anton Lavrov, "Russian Again: The Military Operation for Crimea," in Brothers Armed: Military Aspects of the Crisis in Ukraine (East View Press, 2014).
9. Statement of the Government of the Czech Republic on the Vrbětice case, 17 April 2021; Czech Republic Generální inspekce bezpečnostních sborů investigative findings, 2021.
10. UK Government statement, "Salisbury attack: PM Theresa May's response," 14 March 2018; Bellingcat / Insider / Der Spiegel investigative series, 2018–2019, "Skripal Suspects."
11. United States v. Viktor Borisovich Netyksho et al., indictment, D.D.C., 13 July 2018; Office of the Special Counsel, Report on the Investigation Into Russian Interference in the 2016 Presidential Election, March 2019.
12. UK Foreign Office statement on NotPetya attribution, 15 February 2018; United States v. Yuriy Sergeyevich Andrienko et al., indictment, W.D. Pa., 19 October 2020.
13. Royal United Services Institute, Operation Z and Preliminary Lessons in Conventional Warfighting from Russia's Invasion of Ukraine series, 2022–present; International Institute for Strategic Studies, Military Balance successive editions.
14. Michael Schwirtz, "Top Secret Russian Unit Seeks to Destabilize Europe, Security Officials Say," New York Times, 8 October 2019; Bellingcat, GRU Unit 29155 investigation series.
15. Microsoft Threat Intelligence reporting on Forest Blizzard / APT28; Dutch Ministry of Defence statement on disruption of GRU Unit 26165 OPCW operation, 4 October 2018; CrowdStrike, FireEye, and ESET successive technical reports.
16. United States v. Andrienko et al., indictment, W.D. Pa., 2020; Andy Greenberg, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers (Doubleday, 2019).
17. Department of the Treasury Specially Designated Nationals updates, 2014–present; UK and EU sanctions designations on GRU personnel and units.