expert travel financial security

ETFS Insurance Plans

ETFS is a provider of insurance products and services and offers a full range of travel insurance and health insurance products to students, individuals, groups and sometimes expatriates. ETFS stands for Expert Travel Financial Security. The company is based in Quebec. Expat Financial is able to source international insurance plans from ETFS and also a variety of global insurance carriers for those traveling or living abroad . It is our understanding that ETFS offers the Viator expat health plan .

NOTE THAT WE ARE NOT ETFS – WE ARE JUST DESCRIBING THE COMPANY AND PLANS 

We are not associated in any way with ETFS and do not have a contract with them or sell their plans. We prefer to offer high quality global medical insurance plans to expatriates with large and well-known insurance providers .

Expat Financial can offer a variety of international insurance solutions to Canadians and citizens around the world and can source global insurance carriers that most domestic insurance suppliers do not have access to. We are independent insurance brokers who represent the client, not the insurer. If you are in need of international life insurance , expat health insurance , travel insurance , expat disability or international group insurance , please contact Expat Financial for a solution to your global insurance needs.

If your company is wanting to cover it’s expatriate workforce, please contact us to discuss your requirements and we can obtain quotes from the market and report back to you with our findings. We can even source coverage for just one expatriate employee.

If you or your firm requires a global insurance solution, then you should contact Expat Financial through its owner TFG Global Insurance Solutions Ltd.  Feel free to email us your requirements.

EXPAT FINANCIAL & Design is a registered trademark of TFG Global Insurance Solutions Ltd. Note: Some of the products and services described or advertised on this site may not be available to residents of certain jurisdictions, depending on regulatory constraints, including Canada and the U.S. Please contact TFG Global Insurance Solutions Ltd. for more information about your specific jurisdiction. The policies we offer via TFG Global Insurance Solutions Ltd. or its related websites are unavailable to US citizens who will be remaining in the USA for more than 180 days per policy year or are currently residing in NY State.

We use cookies to make sure the website can function, to measure traffic and to support the marketing of our services. By clicking on "Allow" or using the website, you agree to our use of cookies, our Privacy Statement & Legal Terms of Use . Please read our Cookie Notice for further information about our use of cookies. You may change your consent by rejecting optional cookies in the settings or by blocking cookies in your browser.

Cookie and Privacy Settings

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Global Excel Announces New CEO & Executive Chairman

March 26th, 2024

Global Excel Management Inc. today announced that, effective March 26th, 2024, CEO & President Reg Allatt will move into a new role of Executive Chairman, Chairman Steve Allatt will move into a new role of Chairman Emeritus and current President Canada Regional Business and Chief Business Development Officer Phil Hibbert has been named CEO.

For close to 30 years, under the leadership of Steve and Reg, Global Excel has transformed from an assistance, medical case management company focused on managing the medical claims of our then-parent company Expert Travel Financial Security (etfs) to be one of the largest independent health risk management companies today. Since its foundation in 1996, Global Excel has grown profitably and successfully, and today with over 1,400 employees in 9 countries, we currently provide a comprehensive range of services to over 1,800 clients located in over 90 countries around the world. With this evolutionary change in Global Excel’s leadership structure, the company will be well-positioned to pursue future growth and the Allatt family will be able to focus on their many philanthropic endeavors and wider business interests.

Reg Allatt shared: “It has been a tremendous opportunity and privilege to witness the transformation of our organization over the past decades. My father and I will always be the first to acknowledge the dedicated efforts of the entire Global Excel team, some of whom have been with us from the very start. Global Excel is positioned for effective long-term growth, and I am confident that, together, we will celebrate even more successes in the next phase of our journey. As Executive Chairman, I look forward to focusing my attention on our continuing merger and acquisition activity as well as on new product, service and technological development. I consider both these elements essential to the continued successful growth of Global Excel. Naturally, together with my father, I will continue to actively advise and counsel the entire Executive Leadership Team (ELT).”

Phil Hibbert said: “Global Excel’s vision may be a simple one in words but remains more complex in reality: to be the world’s most trusted health risk management solutions organization. As Global Excel continues to expand geographically, grow our client base and add to the range of services we provide, one of my key mandates will be to continue providing true tangible value to our corporate clients and their members. Together with the ELT, I’m looking forward to this exciting new challenge. Since joining Global Excel a little over a year ago, I believe we have continued to cultivate a talented leadership team, implement essential process and system changes, and improved the market position of Global Excel for long-term growth. I look forward to continuing my work with Reg, Steve and the entire ELT in my new capacity.”

If you have any questions, please feel free to reach out to your sales representative or account manager.

Best regards.

Executive Leadership Team

Global Excel Management

• Business Partners
• Policyholders and Claimants
• Career Opportunities
• Locations and Contact
• Portal Login
• Provider Search
• Online Claim Status
• Pharmacy Program

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

Expert Travel Financial Security

Photos & videos, location & hours.

Suggest an edit

73 Rue Queen

Sherbrooke, QC J1M 1J3

Recommended Reviews

• 1 star rating Not good
• 2 star rating Could’ve been better
• 3 star rating OK
• 4 star rating Good
• 5 star rating Great

Select your rating

Other Insurance Nearby

Find more Insurance near Expert Travel Financial Security

Related Cost Guides

Auto Insurance

Currency Exchange

Financial Advising

Home and Rental Insurance

Life Insurance

Tax Services

• 4 More Cost Guides

• Insurance - Life
• 625, av du Président-Kennedy

Expert Travel Financial Security (ETFS) Inc

Expert travel financial security (etfs) inc - 625, av du président-kennedy, montréal, qc.

Situated at 625, av du Président-Kennedy near you, Expert Travel Financial Security (ETFS) Inc is a merchant included in the insurance - life section of Canpages.ca online directory.

Please call 514-874-9203 to contact Expert Travel Financial Security (ETFS) Inc that is close to your area.

Finally, feel free to share this with your contacts by clicking Facebook or Twitter icons.

Opening Hours

Monday 9:00 am - 5:00 pm

Tuesday 9:00 am - 5:00 pm

Wednesday 9:00 am - 5:00 pm

Thursday 9:00 am - 5:00 pm

Friday 9:00 am - 5:00 pm

Saturday 9:00 am - 5:00 pm

Sunday 10:00 am - 4:00 pm

• Insurance - Health & Accident
• Insurance - Travel
• Scarborough
• Mississauga
• Quebec City
• Pet Grooming
• Tanning Salons
• Fitness Centers
• Restaurants
• Car Repairs
• Electricians
• Beauty Salons
• Chiropractors

M&A Deal Summary

Rsa acquires expert travel financial security, on june 14, 2011, rsa acquired insurance company expert travel financial security, acquisition highlights.

• This is RSA’s 16th transaction in the Insurance sector.
• This is RSA’s 3rd transaction in Canada.
• This is RSA’s 2nd transaction in Quebec.

Expert Travel Financial Security

Search 193,711 deals now.

• Buyer Type (PE or Strategic)
• Deal Size ($10M to $10B+)
• Sector (60 Sectors)

Try For Free 7-Day Free Trial

DESCRIPTION

RSA is a multinational quoted insurance group. RSA has core operations in the UK, Scandinavia, Canada, Ireland, and Latin America, and has the capability to write business in around 140 countries. RSA is focusing on general insurance. RSA is based in London, the United Kingdom.

PREVIOUS DEAL

Following deal.

• Mergr for Salesforce
• Mergr Data Direct
• Mergr M&A Archive

View the Brochure (Summary of the Plan) View the Policy Wording View the Application with Price List

Purchasing This Product

Purchasing this product is very easy. The application is simple to fill out, and there are no medical questions.

We will acknowledge receipt of your application by email, process it , and EMAIL ALL DOCUMENTS relating to your coverage. A valid, working email address must be used to receive confirmation of coverage and the documents.

Michael F. Murphy Financial Consulting

Toll Free Phone (Canada & U.S.): 1-877-962-0224 Toll Free Fax (Canada & U.S.): 1-877-962-3444 Phone from Outside Canada & U.S.: 1-902-462-0224 Fax from Outside Canada & U.S.: 1-902-462-3444

Expert Travel Financial Security (Etfs) Inc

• Create my rating
• Add a photo
• Share Facebook X Whatsapp Email

Phones and Address

Business hours, photo gallery, payment methods, about the business, ask the community, telephone numbers.

Be the first to add photos!

This business has not yet reported their payment methods.

No one from the community has asked anything yet, be the first to ask.

No review has been made yet.

Claim and take control of your business

La Croix Bleue

Les services financiers di stasio financial inc, insurance ngo van tan financial planner, standard life, the great-west life assurance company montreal small groups, kfl & a public health travel clinic.

• Business & Commercial Insurance
• Employee Benefits Insurance
• Health Insurance
• Insurance Professionals
• Life Insurance
• Property & Casualty Insurance
• Title Companies
• Travel Insurance

Find in the Telephone Directory all the information and services about Expert Travel Financial Security (Etfs) Inc in Montreal .

Check the contact phone and address in Montreal, Quebec and directions for how to get there.

Find out about opening hours .

If you have doubts ask the community .

Comment, rate and know business reputation.

• Travel, Life, Health Insurance

Expert Travel Financial Security (ETFS) Inc in Montréal

Expert travel financial security (etfs) inc.

• Improve the company profile of Expert Travel Financial Security (ETFS) Inc
• Appear higher in our search results
• Get more clicks and more calls
• Know when someone writes a review
• Claiming is free, and only takes minutes
• Claim / Edit Business

• fr Passer en français / Switch to French language
• 514-874-9203 Primary

Expert Travel Financial Security (ETFS) Inc

• Like this business? Add a photo

Opening Hours *Holiday hours

Social media.

• Write a review
• Suggest an update

Ratings & Reviews - Expert Travel Financial Security (ETFS) Inc

Get an opinion about this business.

Think your friends might be familiar with this business? Ask your friends on Facebook to see what they think.

• Health, Travel & Life Insurance |
• Health, Travel & Life Insurance in QC |
• Health, Travel & Life Insurance in Montréal |
• Health, Travel & Life Insurance in Downtown |
• Montreal Island Centre |
• People search
• Get a free listing
• Advertise with us
• Download the app

Royal & Sun Alliance snaps up Canadian travel insurer

RSA Insurance Group PLC is buying Expert Travel Financial Services Inc., one of Canada's largest distributors of travel and health insurance

You can save this article by registering for free here . Or sign-in if you have an account.

Article content

RSA Insurance Group PLC is buying Expert Travel Financial Services Inc., one of Canada’s largest distributors of travel and health insurance.

Officials at RSA Canada said the deal — the price was not disclosed — is a strategic move aimed at creating a more vertically integrated business.

Royal & Sun Alliance snaps up Canadian travel insurer Back to video

“This is an opportunity to grow in travel insurance by integrating distribution [with RSA’s existing underwriting business],” said Mike Wallace, senior vice president of personal and specialty insurance at RSA Canada. “Expert Travel have a fantastic sales force and we see the ability to leverage that and to capitalize on opportunities in the Canadian marketplace.

Subscribe now to read the latest news in your city and across Canada.

• Exclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman, Victoria Wells and others.
• Daily content from Financial Times, the world's leading global business publication.
• Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
• National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
• Daily puzzles, including the New York Times Crossword.

Create an account or sign in to continue with your reading experience.

• Access articles from across Canada with one account.
• Share your thoughts and join the conversation in the comments.
• Enjoy additional articles per month.
• Get email updates from your favourite authors.

Sign In or Create an Account

The deal comes less than two weeks after Intact Financial Corp. unveiled its $2.6-billion acquisition of AXA Canada, part of a wave of consolidation that has hit this country’s property and casualty insurance sector over the past few years.RSA Canada, a subsidiary of UK-based RSA Insurance Group PLC, is one of this country’s largest property and casualty insurers and among the top three travel insurers. Last year the company wrote $1.9-billion in direct premiums.

Expert Travel Financial Services (ETFS) is a leading provider of travel and other specialized insurance products.

“This is part of our long-term strategy of consolidating the Canadian insurance industry, and I would say this is not the last one we’ll do,” said Mr. Wallace.

Under the deal, ETFS subsidiary Global Excel Management Inc., a provider of case management and cost containment services, will remain independent.

Postmedia is committed to maintaining a lively but civil forum for discussion. Please keep comments relevant and respectful. Comments may take up to an hour to appear on the site. You will receive an email if there is a reply to your comment, an update to a thread you follow or if a user you follow comments. Visit our Community Guidelines for more information.

Mortgage lenders offering 'extreme discounts' behind the scene: Robert McLister

Would-be homebuyers are in limbo and only the bank of canada can free them, canada's home sales and prices fall as sellers return to market, posthaste: canada's standard of living on track for worst decline in 40 years, capital gains tax hike proposal should be delayed, if not scrapped altogether.

This website uses cookies to personalize your content (including ads), and allows us to analyze our traffic. Read more about cookies here . By continuing to use our site, you agree to our Terms of Service and Privacy Policy .

You've reached the 20 article limit.

You can manage saved articles in your account.

and save up to 100 articles!

Looks like you've reached your saved article limit!

You can manage your saved articles in your account and clicking the X located at the bottom right of the article.

Life Insurance

Investments, referral programs.

Insurance Plans

Protection of pay chq /provide life style.

• Term Insurance • T-100 Insurance • Whole life Insurance • Universal Life Insurance • Business Life Insurance

Disability Insurance

Critical illness insurance, health, dental, drugs & group plans, super visa, vtc and travel, final/funeral insurance, investment plans, investments: save and grow money, resp(registered education savings plan), rrsp(registered retirement savings plan), tfsa(tax free savings account), nri(non-registered investments), rpp(db,dc,lira,lif,rif).

Provide Financial Solutions:

Debt elimination planning, retirement planning, retirement income planning, estate planning, business succession planning, other plans, referral program, heloc/collateral loans, home & auto, every day banking, saving and chq account.

Benefits of Insurance and Investment Plans

Family protection.

Your life insurance policy can provide your beneficiaries with a lump-sum payment, which can be used to pay for your estate expenses.

Child Education

A child education plan is an investment plan that helps child to pay higher education Tuition, school supplies, food, housing etc..

Financial Security

Financial goals.

Insurance provides financial protection by compensating for the losses you face due to covered emergencies.

Tax Benefits

The death benefit amount provided by insurance companies are tax free to their beneficiaries.

Retirement Plans

Retirement plans substitute your income and ensure that you have a financial support to rely on in your older years.

Explore our expert

Our partners.

Frequently Asked Questions

Risk Management: Insurance helps individuals and businesses manage the financial risk of unexpected events. By transferring the risk to the insurance company, policyholders can protect themselves against the financial impact of potential losses, such as property damage, liability claims, or unexpected medical expenses.

Financial Security: Insurance provides financial security and peace of mind to individuals and families by providing a safety net against unforeseen events. It can help protect against the financial burden of unexpected medical bills, property damage, or loss of income due to disability or death.

Business Continuity: Insurance can help businesses recover from unexpected events and continue their operations. For example, property insurance can provide funds to repair or replace damaged equipment, while liability insurance can protect a business against lawsuits and legal claims.

Legal Protection: Insurance can also provide legal protection and assistance. Some policies include legal defense coverage, which can help policyholders pay for legal expenses if they are sued.

Access to Healthcare: Health insurance provides access to healthcare services and can help individuals manage the high costs of medical treatment.

Life Insurance: Provides financial support to the policyholder's family or beneficiaries in the event of their death. It can help cover funeral costs, pay off debts, and provide ongoing support to loved ones.

Health Insurance: Helps individuals manage the costs of healthcare, including medical expenses, prescription drugs, and hospitalization.

Disability Insurance: Provides financial support to individuals who become disabled and unable to work. It can help cover living expenses and medical costs during the period of disability.

Auto Insurance: Protects drivers against financial losses resulting from car accidents, theft, or damage to their vehicle.

Homeowners Insurance: Provides financial protection to homeowners against damage to their property caused by perils such as fire, theft, or natural disasters.

Renters Insurance: Protects renters against financial losses resulting from damage to their personal property, liability claims, and other covered perils.

Liability Insurance: Provides protection against legal claims and lawsuits resulting from injury or property damage caused by the policyholder.

Business Insurance: Provides protection to businesses against financial losses resulting from unexpected events such as property damage, liability claims, and loss of income.

Travel Insurance: Provides coverage for medical expenses, trip cancellations, lost luggage, and other unexpected events that can occur while traveling.

The best travel insurance depends on the client’s situation. Also, the best protection coverage depends on whether the client is leaving or entering the country. We have data about travel insurance companies that we can analyze depending on the client’s coverage needs/wants. We offer the best based on the client’s information. 

Education Savings Plans: Some insurance companies offer education savings plans that allow parents to save money for their child's education. These plans can provide tax benefits and allow parents to accumulate funds over time to pay for tuition, books, and other educational expenses.

Life Insurance: Life insurance policies can also be used to help fund a child's education. In the event of the policyholder's death, the death benefit can be used to pay for educational expenses.

Disability Insurance: Disability insurance can help protect a family's income in the event that a parent becomes disabled and unable to work. This can help ensure that the family can continue to save for their child's education and meet other financial obligations.

Liability Insurance: Liability insurance can protect parents from financial losses resulting from legal claims or lawsuits. This can help prevent the depletion of education savings or other funds that may be needed to pay for educational expenses.

Request a Qoute?

We Protect You and Your Family's Future

We Offer Financial & Superior Services

A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which

Rakesh Kumar, Senior Manager

3015 5th avenue, ne calgary, alberta t2a 3t8, canada, [email protected], license from alberta, british columbia, ontario and manitoba, 1 403-850-0968.

Rakesh Kumar Broker Agent Through Experior Financial Group

Privacy Policy

© Copyright The Expert Financials

Expert Travel Financial Security (e.t.f.s.) Inc. · Voyage Expert SÉcuritÉ FinanciÈre (e.t.f.s.) Inc.

73 rue queen, lennoxville, qc j1m 1j3.

EXPERT TRAVEL FINANCIAL SECURITY (E.T.F.S.) INC. (also known as VOYAGE EXPERT SÉCURITÉ FINANCIÈRE (E.T.F.S.) INC. ) is a federal corporation in Lennoxville, Quebec incorporated with Corporations Canada, a division of Innovation, Science and Economic Development (ISED) Canada. The entity was incorporated on October 11, 1985 with corporation # 1981315 . The current entity status is . The registered office location is at 73 Rue Queen, Lennoxville, QC J1M 1J3 . The directors of the corporation include Reginald Allatt , Steve Allatt and Brian Allatt .

Corporation Information

Corporation directors, corporation changes history, annual return filings, corporations with the same name, officer information, corporations with the same officer (brian allatt), corporations with the same officer (reginald allatt), corporations with the same officer (steve allatt), location information.

Corporations in the same location

Corporations in the same postal code, similar entities, corporations with similar names, improve information.

Do you have more infomration about Expert Travel Financial Security (e.t.f.s.) Inc. ? Please fill in the following form.

Dataset Information

This dataset includes over one million business and not-for-profit entities incorporated with Corporations Canada, a division of Innovation, Science and Economic Development (ISED) Canada. Corporations Canada is Canada's federal corporate regulator, responsible for administering laws regarding the incorporation of Canadian businesses, except for financial intermediaries. Each corporation is registered with corporation number, corporate name, office address, current status, directors, annual filling dates, etc.

Dataset Details

What is in the 2024 federal budget for age pensioners?

The 2024 federal budget has been handed down, with Treasurer Jim Chalmers spruiking cost-of-living relief measures. 

Here's what the budget means for seniors on the age pension. 

What's in the budget for pensioners?

In his speech, Mr Chalmers made few mentions of pensioners.

He didn't call out any budget measures that were specifically for people on the age pension.

However, here are three key items that could have an impact: 

Deeming freeze

There will be a freeze on social security deeming rates for another financial year — that's just extending a freeze that was already in effect. 

Explain deeming rates to me

You might remember that  both parties pledged to halt deeming rates back in 2022  as they were heading into the federal election. 

Mr Chalmers said this extension of the freeze would benefit 450,000 aged pensioners.

But this is something that will only benefit pensioners who get income from deemed financial investments. 

There will also be a freeze on the cost of medications on the Pharmaceutical Benefits Scheme (PBS) for the next five years. 

So that means that medications will continue to cost $7.70. 

Changing Medicare levy thresholds

The government will increase the Medicare levy low-income thresholds. 

The goal of this is to ensure "low-income individuals continue to be exempt from paying the Medicare levy or pay a reduced levy rate," the budget papers say . 

For single seniors and pensioners, the threshold has been increased from $38,365 to $41,089 The family threshold for seniors and pensioners has been increased from $53,406 to $57,198

But they're only being increased to keep up with inflation — not as a major policy change. 

Is there a special payment for pensioners?

No, there was no announcement about a specific payment for pensioners. 

Pensioners will benefit from a $300 reduction in power bills, but this is something every household will get.

The energy rebates are not payments — they'll be deducted from power bills.

And keep in mind that they'll be applied in quarterly instalments, not all in one hit.

So your next quarterly power bill will likely be $75 cheaper, not $300 cheaper.

Will the age pension be increased?

There was no announcement about increasing the age pension. 

Pensions are typically increased twice a year to reflect changes in pensioners' costs of living and wage increases.

The last increase was in March , when age pensions were increased by $19.60 a fortnight for singles and $29.40 a fortnight for couples.

What is deeming?

It's part of the income test for Centrelink payments, including the age pension.

Deeming is a set of rules the government uses to work out how much income people earn from their financial assets — things like shares, superannuation and bank accounts. 

It assumes people receive a set income from the interest on those investments, whether they actually get that much or not.

But here's the kicker: if your investment return is higher than the deemed rate, the government doesn't count that extra money as part of your income.

That means anything you earn above that rate isn't counted in the income test for the age pension.

So, the lower the deeming rate, the more people can earn from their investments without it affecting their pension payments.  

Editor's note (15/05/2024): An earlier version of this story incorrectly stated that pensions are typically increased four times a year. Pensions are indexed twice a year — in March and September. The article has been updated to reflect this.

Take me back to the top of the article

• X (formerly Twitter)

Related Stories

Every household to get $300 credit for energy bills as government vows move will reduce inflation.

Stage 3 tax cut changes come into effect on July 1. Use our calculator to see how much you'll save

Much of Chalmers's success will rest on just one budget measure that economists will hate

• Cost of Living

• Licenses and Certificates

About Positive Technologies

Positive technologies: products and services.

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company.

Positive Technologies is the first and only cybersecurity company in Russia publicly available on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting.

Our new class of solutions—metaproducts—focuses on the results-oriented approach to cybersecurity. Positive Technologies first metaproduct, MaxPatrol O2, automatically detects and prevents attacks before non-tolerable damage is done to the company. MaxPatrol O2 can replace the entire team of a security monitoring center, and it only takes one person to manage it. This protection system requires minimum knowledge and effort from a specialist.

To demonstrate that the results-oriented approach to information security truly works, we conduct cyberexercises (on our own infrastructure as well as others’) and publicly test our products. Our solutions are based on 20 years of research experience and expertise of several hundred information security experts.

Positive Technologies products and services help to:

We have seven Russian offices located in Moscow, St. Petersburg, Nizhny Novgorod, Samara, Novosibirsk, Akademgorodok, and Tomsk, and one office in Kazakhstan. The team has over 1,800 employees, including world-class experts specializing in the protection of SCADA and ERP systems, banks and telecommunications, as well as mobile and web applications.

Positive Technologies is highly rated by international analytical agencies: the company is a three-time recipient of Visionary status in the Gartner Magic Quadrant for Web Application Firewalls (WAF).

We have provided cybersecurity for the following events:

• 2013 Summer Universiade in Kazan
• 2014 Sochi Olympic Games
• 2018 FIFA World Cup
• 2018 Russian presidential elections
• 2019 Winter Universiade in Krasnoyarsk
• 2020 Russian constitutional referendum
• 2021 Russia's State Duma elections

Positive Technologies is known globally as a visionary and a leader in the field of ethical security research. Each year our experts identify hundreds of zero-day vulnerabilities in IT systems of various classes and types, including products by Cisco, Citrix, IBM, Intel, Microsoft, and VMware. For detecting dangerous vulnerabilities, our experts have been added to the halls of fame of such companies as Adobe, Apple, AT&T, GitLab, Google, IBM, Mastercard, Microsoft, PayPal, VK, and Yandex. All detected vulnerabilities are reported to software vendors as part of the responsible disclosure policy and are not published until the vendors release the required updates.

We readily share what we know about information security:

• For 12 years we have been holding our own research and practical forum Positive Hack Days. As one of the largest information security events in Russia and the CIS, it is attended by thousands of people who care about cybersecurity: IT and infosec experts, business and government representatives, security researchers and white hats, pupils and students. Over Positive Hack Days, hundreds of talks and workshops are held, covering the most interesting topics in information security, while competitions add excitement to analysis of protection of industrial control systems, banking and mobile services, and web apps. In 2023 the forum was held for the first time in the format of an open cybersecurity festival and brought together infosec experts, technology developers, as well as residents and guests of Moscow.
• We actively develop educational programs for leading universities and help prepare students to get a head start in their careers: Positive Education materials written by our company’s experts are used at over 65 universities.
• We hold the world’s largest cyberbattle, Standoff, which brings together the best Russian and foreign experts in both offensive and defensive cybersecurity. The cyberrange contains full-fidelity replicas of the production chains, business scenarios, and technology landscape typical of different industries. Experts analyze the odds of non-tolerable events being triggered and ways to prevent them.

Positive Technologies products

Positive technologies services.

Thanks to 20 years of experience in large-scale penetration testing and source code analysis, our experts have enormous experience with vulnerabilities in areas as diverse as telecoms systems, e-banking, ERP, and ICS/SCADA. We know the real-world methods that hackers use, so we can offer the most effective solutions for assessing client security and the most robust protection solutions.

As for providing consulting services, the Positive Technologies group is an expert in information security comprehensive audit, applications and web systems security assessment, incident investigation at critical infrastructures, penetration testing, and deployment of security monitoring processes.

We find over 80 zero-days every year

200+ types of vulnerabilities identified during pentests every year

500+ web and mobile application security audits

24x7 client support

20+ pentests per year make our experience one-of-a-kind

50 infrastructure hack investigations performed yearly

PT ISIM listed in the Gartner OT Security Market Guide

100+ e-banking vulnerabilities found every year

10+ e-banking security audits every year

Three times Visionary in Gartner Magic Quadrant for Web Application Firewalls

One of the world's largest security research centers

20 years of practical experience on the security market

One of the world's largest vulnerability knowledge bases

PT Application Firewall and MaxPatrol are Common Criteria conformant

Over 200 security audits of corporate systems performed every year

Our speakers present at Defcon, Black Hat, CCC, PacSec, CanSecWest, HITB, SAS and others

We find 800+ vulnerabilities in web applications every year

We find 31,000 vulnerabilities on average in corporate systems

150+ zero-days in SCADA systems identified and responsibly disclosed to manufacturers

Our experts perform over 40 security audits of web applications every year

We’re sorry, this site is currently experiencing technical difficulties. Please try again in a few moments. Exception: request blocked

Russia arrests top cybersecurity executive in treason case

• Medium Text
• Founder of cybersecurity firm accused of state treason
• Executive faces up to 20 years jail, denies charge, TASS says
• Arrest sends chill through IT, business community

Sign up here.

Reporting by Anton Kolodyazhnyy, Anton Zverev, Alexander Marrow; Writing by Tom Balmforth Editing by Andrew Osborn and Nick Macfie

Our Standards: The Thomson Reuters Trust Principles. New Tab , opens new tab

Thomson Reuters

Anton Zverev is a part of an award-winning team of investigative reporters who focus on Russia and its war in Ukraine. He has been covering the conflict since the Donbass uprising in 2014, having investigated the MH17 crash site, Russian military and mercenary activities in Ukraine and Syria, and the Kremlin’s preparations for the full-scale invasion of Ukraine in 2022. Since the invasion, the team has uncovered details of killings in Bucha and the expulsion of dozens of toddlers from Ukrainian orphanages, and it has also uncovered a network of Russian proxies in Germany helping to turn public opinion against Kyiv. Previously, Anton led a Moscow-based team of Reuters investigative reporters that covered political, economic and health issues in Russia. He’s now based in the United Kingdom.

Technology Chevron

Musk arrives in indonesia's bali for planned starlink launch.

Tycoon Elon Musk arrived on the Indonesian island of Bali on Sunday ahead of the planned launch of SpaceX's Starlink internet service, which the Indonesian government hopes will boost internet penetration and health services in remote parts of the sprawling archipelago.

• Security and Defense
• Authoritarian Threats
• Technology and Innovation
• Our Fellows
• State of the Alliance
• Transcripts
• Latest Commentary
• Comprehensive Reports
• Europe’s Edge
• Transatlantic Tech Policy Tracker
• Behind the Lines
• Work With Us

Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities

In the unsettling landscape of Russia’s ongoing war in Ukraine, cyber remains one of the most enduring mysteries.

1. Overview

Even before Russian troops invaded Ukraine in February, many experts in the West, in Ukraine, and in Russia believed Moscow would use cyberattacks to inflict major damage on Ukraine prior to or after the start of the military offensive. Indeed, Russia has extensive and formidable cyber capabilities. Reality, however, has played out differently.

Exactly why cyber has not been a consequential front in Russia’s invasion of Ukraine is unknown. It may be that Ukrainian cyberspace proved to be much better protected than some thought. Or it may be that Russia did not use its offensive cyber capabilities because the Kremlin interfered in every aspect of the preparation of the war, from military planning to cyber activities. The Kremlin wanted the invasion to play out as a “special operation” (in the Kremlin’s words), not a conventional military offensive. In this, as in much else, the Kremlin greatly miscalculated.

While an answer to the mystery of Russian cyber successes and failures in and around Ukraine is beyond the scope of this report, the case is nonetheless instructive, underlining the importance of understanding how Russian cyber operations are governed. The political element has always been decisive in the Russian cyber playbook, much more so than in other parts of the Russian security state. It, thus, comes as no surprise that over the years the command-and-control structure managing Russian cyber operations has developed into something very different.

The list of Russian cyber actors is long and complicated. It includes private entities, both legitimate and criminal, alongside traditional security services, the military, and the top political level where decisions are made. The relationship among these actors has changed quite significantly in the past six years. This report is an attempt to map the Russian cyber landscape and to help understand the intricate web of cyber actors.

Key Russian cyber actors include:

• The FSB: The Federal Security Service (Federalnaya Sluzhba Bezopasnosti; FSB) is a major domestic security and intelligence agency. In cyber, the FSB’s capabilities are divided between those the agency has been building since the late 1990s (the 18th Center, or Information Security Center) and the capabilities the FSB acquired in 2003 when it absorbed several departments of the Russian electronic intelligence (ELINT) agency, the Federal Agency for Government Communications and Information, or FAPSI (the 16th Center of the FSB or the Center of Electronic Intelligence in Communications).
• The SVR: The Foreign Intelligence Service (Sluzhba Vneshney Razvedki; SVR) is Russia’s spy agency, a direct successor to the foreign intelligence branch of the KGB. The agency never went through any structural reforms, but its capabilities were significantly expanded in the 2010s, including in cyber.
• The military: The cyber capabilities in Russia’s military are run by two directorates within Russia’s General Staff: the GU (or the Main Intelligence Directorate and the 8th These two directorates run operations and supervise Russian cyber troops and the military research and development effort. Cyber command was never launched despite several attempts in the early 2010s.
• The Presidential Administration: The direct successor to the Central Committee of the Communist Party, the Presidential Administration supervises Russia’s intelligence and security services. An integral part of the administration is Russia’s Security Council, which provides strategic thinking in all areas of national security, including cyber; it is also a government body tasked with maintaining contact with its Western counterparts, including a cyber “red line” between Moscow and Washington.
• Private cybersecurity companies: These companies are tied into Russia’s cyber effort via networks of official and unofficial contacts. Their role is to provide expertise and help with recruitment efforts.

Despite this broad range of actors involved in cyber operations on various fronts, Russia doesn’t have a unified cyber command. Rather, coordination with the political decision-makers is done at the Presidential Administration level, with Russia’s Security Council an integral part of the process. Moreover, unlike in the conventional field of operations, there is no strict division of labor between the agencies in the cyber domain. Agencies traditionally focused on foreign targets have attacked domestic targets (including nongovernmental organizations, journalists, and the Russian opposition). Outside Russia, the military has targeted political and private industry and the SVR and FSB have attacked military targets, and vice versa.

While reliable data are limited, this report delves deeply into the history and evolution of Russia’s cyber actors, revealing a remarkably fluid and informal landscape, which is often difficult to interpret and navigate even for those who operate within it. What emerges is a system of cyber operations that is:

• Coordinated through a set of political processes centered on the Presidential Administration and the Security Council, rather than a traditional, military-style command structure;
• Characterized by significant overlap in mission and capability, often leading to competition for resources and sometimes to problems of coordination and conflict;
• Subject to a significant degree of informality and political maneuvering, as different actors report to the Presidential Administration and Security Council via different channels and with differing degrees of accountability; and
• Heavily dependent on the private sector for training, recruitment, and technology, leading to a high degree of informal interagency integration at the grassroots level.

The United States and Russia have clashed for years over what terminology to use: “information security,” promoted by Russian officials, versus cyber, used by the United States. The Russian approach is more expansive and includes both psychological and technical elements, but essentially what the Kremlin means is control over online content — i.e., censorship.

2. History & Development

2.1. origins.

Today’s cyber command-and-control systems originated in the Soviet Union’s signals intelligence (SIGINT) bureaucracy.

Throughout the Soviet period, two intelligence agencies were involved in breaking codes. The KGB had the 16th Directorate, in charge of intercepting and deciphering foreign communications. The General Staff of Armed Forces had the 8th Directorate and the Special Service of the GRU. Two agencies together ran Soviet SIGINT (which did not intercept text or speech but focused on identifying radio signals) and ELINT (which intercepted text and speech, i.e., content) centers abroad, including a facility at Lourdes in Cuba, which monitored and intercepted radio communications in the United States. 1

Soviet military codebreakers were trained at the Krasnodar Higher Military School named after General of the Army S. M. Shtemenko — the school was supervised by the 8th Directorate of the General Staff. 2   The personnel for the 16th Directorate of the KGB were taught at the KGB Higher School, the Fourth (Technical Department) in Moscow. The Fourth Department of the KGB Higher School had a better reputation and attracted students from three Soviet agencies that sent their recruits to study cryptography: the KGB, the Ministry of Defense, and the Ministry of Radioelectronic Production.

The KGB and GRU actively recruited talent in civilian universities known for their excellent math programs — the Moscow State University’s departments of Physics and Math and Mechanics and Math (the latter had helped to form the Fourth Department of the KGB Higher School), Moscow Engineering Physics Institute (MEPhI), and Moscow Institute of Physics and Technology (MFTI or PhysTech).

This system largely survived the collapse of the Soviet Union.

2.2. The 1990s: The FAPSI Monopoly and Connection to the Cyber Industry

The KGB was restructured when the Soviet Union dissolved in late 1991. The 16th Directorate, along with several departments in charge of providing secure communications for party bosses, became the Committee of Government Communication. In December 1991, it was renamed as the FAPSI. 3   The idea was to create a Russian analogue of the US National Security Agency (NSA), but the FAPSI was also entrusted with conducting public opinion polls — for the Kremlin’s eyes only — and, later on, with providing digital security for Russian elections.

The system of training and recruitment remained the same — the Fourth Department of the KGB Higher School, which was renamed as the Institute of Cryptography, Telecommunications and Computer Science (IKSI) within the FAPSI, and the FAPSI kept recruiting at MEPhI, MFTI, and Moscow State University. In 1996, the FAPSI sponsored the establishment of the Educational and Methodological Association of Higher Educational Institutions on Information Security (UMO IB) under the auspices of the IKSI.

The FAPSI was structured into six main directorates. The most important was the 3rd Directorate — the Main Directorate of Electronic Intelligence in Communications (Glavnoye Upravlenie Radioelectronnoi Razvedki Na Setyah Svyazi; GURRSS), in charge of spying on foreign telecommunications. The 3rd Directorate was the former 16th Directorate of the KGB.

Between 1995 and 1998, the 3rd Directorate was led by Vladislav Sherstyuk, a KGB officer since 1966 and a graduate of the Physics Department at Moscow State University. Sherstyuk would play a major role in Russia’s approach to cyber issues for decades.

Sherstyuk saw military action in the First Chechen War — he was put in charge of the FAPSI’s task group deployed to Chechnya, and he organized the interception of the Chechens’ communications.

In 1998, Sherstyuk was named head of the FAPSI. 4   The same year the FSB — the major domestic counterintelligence and counterterrorism agency — under the leadership of a new director, Vladimir Putin, entered the cyber field. In the Central Apparatus of the FSB, a new unit called the Directorate of Computer and Information Security (UKIB – Upravlenie Kompyuternoy I Informatsionnoy Bezopasnosti) was formed. It was subordinate to a larger department of counterintelligence. The UKIB was housed in a blockish, looming structure that was once the KGB’s Computation Center, on the corner of Lubyanka Square and Myasnitskaya Street in Moscow. The FAPSI was headquartered in a stark, modern terraced building with giant antenna globes on the roof not far from Lubyanka Square, on Bolshoy Kiselny Lane.

In the Armed Forces, the General Staff’s 8th Directorate was still operational, but it lacked resources. Both the FSB and the military’s cyber capabilities were largely overshadowed by the FAPSI.

The early 1990s also saw the emergence of private cyber companies, like Kaspersky Lab, where the management had worked for the KGB. Kaspersky Lab CEO Evgeny Kaspersky himself had graduated from the Fourth Department of the KGB Higher School. 5   Thanks to their KGB background, those companies cultivated close relations with the security services and law enforcement agencies. What helped the FAPSI cultivate those relationships was that over the years the agency had been creating an industrial empire engaged in information security. The FAPSI was also in charge of licensing information security software — firewalls, cryptography, and so on — which meant that private companies needed to cooperate with it to get licenses. 6

The period from 1998 to 1999 was probably the most influential time for the FAPSI.

In May 1999, Sherstyuk was transferred to the Security Council as its first deputy head. In December, he was appointed to preside over the information security section. 7   That section became the main unit where the cyber and information security concepts were implemented. One of the brains behind it was Anatoly Streltsov, a former KGB colonel.

Both Sherstyuk and Streltsov understood that they needed a research facility on cyber political issues that would help them engage in political decision-making on cyber. Thus, a department was created within Moscow State University under Sherstyuk and Streltsov’s supervision which soon became the Institute for Information Security Issues. This institute emerged as a major think tank that defines Russian foreign policy on information security.

In 2000, Sherstyuk and Streltsov’s team composed the “Doctrine of the Information Security of the Russian Federation,” which included a broad list of threats, ranging from “compromising of keys and cryptographic protection of information” to “devaluation of spiritual values,” “reduction of spiritual, moral and creative potential of the Russian population,” as well as “manipulation of information (disinformation, concealment, or misrepresentation).” 8

Throughout the 1990s, the FAPSI and officials affiliated with it controlled the Russian cyber domain by training, conducting operations, co-opting the private cyber industry, and establishing government cyber policies.

2.3. The 2000s: The FSB Takes Over

2.3.1. structural changes.

The early 2000s saw a massive and rapid expansion of the FSB, including into the cyber arena.

On March 11, 2003, President Putin split the FAPSI between the FSB, the SVR, and the Federal Protective Service (FSO), in charge of providing protection for him and other high-level officials.  9

Government communications and polling of public opinion were considered such a sensitive domain they were given to the FSO to supervise — and within that agency, the Service of Special Communication and Information (Sluzhba Specialnoy Svazyi I Informatsii; SSSI). The 3rd Directorate was moved to the FSB and became the 16th Center of the FSB (the Center of Electronic Intelligence in Communications). The regional ELINT units of the FAPSI were reorganized into the FSB Information Reception Centers.

In 2004, the FSB underwent administrative reform just like the rest of the federal agencies. Departments were renamed as services, and the UKIB was turned into the Information Security Center (TsIB or Centr Informatsionnoy Bezopasnosti) or the 18th Center of the FSB. The new center remained within the Service of Counterintelligence.

The FSB was divided into two large parts. The operations departments carried out counterintelligence, intelligence, counterterrorism, and other activities, whereas the support side of the organization included such activities as creating and providing special technical equipment and meeting other material needs. The TsIB was situated in the operations department, which was the most proactive. It was involved not only in the technical protection of computer networks but also in active operational surveillance, clandestine activity, and intelligence collection on the Internet. Inside the TsIB, the Operative Directorate was created to conduct operations.

The SVR founded a scientific production center, Delta, to conduct research and development (R&D) on cyber issues.  10 Delta was subordinate to the Directorate of Informatization of the SVR.

2.3.2. Cyber policymaking

Sherstyuk continued to define cyber policy while at the Security Council, the central body at the Presidential Administration responsible for managing the formulation and execution of security-related policies, though his position changed. In 2004, he was demoted to the position of assistant to the head of the Security Council. He was forced to rely on the FSB’s support since the most important departments of his former agency had been incorporated into the FSB. He also ensured the continued existence of the Institute for Information Security Issues at Moscow State University.

At the Foreign Ministry, Sherstyuk’s team was supported by Andrei Krutskikh, an arms control talks veteran who shared Sherstyuk’s approach to cyber issues detailed in the “Doctrine of the Information Security of the Russian Federation.”  11

The General Staff was sidelined by the FSB, which, for the most part of the 2000s, successfully rebuffed all attempts by the military to expand into the area of cyber.

2.3.4. Modus operandi under development

The 2000s were the period when the first cyberattacks took place beyond Russia’s borders, including an attack on Estonia in 2007. Proxy groups affiliated with the Presidential Administration took responsibility for these attacks. APT29 or Cozy Bear — a Russian hacker group believed by Western cyber experts to be affiliated with either the FSB or SVR — was operational since at least 2008, according to Western experts.

2.3.5. Recruitment and training

The former FAPSI directorates, now within the FSB, continued recruiting from MEPhI, MFTI, and the Physics and Math Department at Moscow State University.

In training, the IKSI, previously within the FAPSI, was placed under the control of the FSB and became part of the FSB Academy.

The national program of training of civilian rank and file was significantly expanded: 73 Russian universities and high schools came to teach information security, united in the UMO IB. The chief institution supervising the association was the IKSI, which defined the UMO IB’s requirements and guidelines. Of the 73 universities and high schools, only five institutions were military; the rest were higher polytechnic schools and state universities across the country.

Training in cyber followed the Soviet model of prioritizing loyalty and technical prowess over ethical considerations, resulting in an effective and devoted cyber workforce. After being recruited, students rarely, if ever, questioned why they were tasked with attacking Western or domestic targets, including Russian journalists and opposition politicians. Once again, the Soviet legacy is to blame. The Soviet Union had the biggest engineering community in the world because of its huge military-industrial complex — a collection of industries and research facilities which worked exclusively for the Soviet army and the KGB. To serve it, Josef Stalin founded dozens of technical schools all over the country. For many decades, Soviet engineers were schooled intensively in technical subjects but rarely had exposure to the humanities. The scope of their education was exceedingly narrow. Unlike medical doctors who were trained in ethics, engineers were not. They were taught to be technical servants of the state. They were also taught secrecy since most of them were meant to work for the military-industrial complex of the KGB. As a result, generations of engineers were trained and worked their entire lives with little understanding of politics or trust of politicians and were suspicious of public activity as a whole. That system was never reformed after the collapse of the Soviet Union. After Putin became president, the Soviet approach to technical education based on secrecy and patriotism was only reaffirmed.

In addition, Russia’s security services adopted a new tactic: approaching Russian criminal hackers and recruiting them. The FSB found itself in a good spot because the TsIB was tasked to prosecute criminal hackers. Thus, they were able to give the hackers a choice: either join the FSB or go to prison. Of course, some accepted and even joined the TsIB. 12   The 2008 Russia-Georgia war only helped to solidify this new approach, but there are reports that some Russian hackers had been recruited even before the war. 13

In 2009, the Education Ministry introduced a new educational standard that institutionalized “information security” as an area of study in Russian universities — cyber became a national priority in Russia’s higher education. 14  

2.4. The 2010s: Explosive Growth

2.4.1. structural changes.

In 2012, Sergei Shoigu was appointed minister of defense. Ambitious and energetic, Shoigu wanted to prove himself as a military expansionist — cyber was a promising domain for increasing military influence. He also wanted his own cyber troops. He correctly identified the potential source of cyber personnel: the country’s extensive network of technical universities.

In July 2013, Shoigu attended a meeting with Russian rectors at the Moscow State Technical University (MGTU) (one of the 73 educational institutions that provided training in information security) and told them of “a start of a major hunt for young programmers.” 15   Later that same year, Russia’s cyber troops were launched and advertised on YouTube, with the Kalashnikov rifle compared to a laptop. 16

The Russian army still largely relied on the draft, and Shoigu tightened the rules for conscripts. It became impossible to avoid military service after graduating from college. When the cyber troops were launched, students in polytechnic universities were presented with a choice: either go to some distant army unit in Siberia or join the cyber troops, where students were used to staff the so-called research companies (military units). The first “research company” was launched at the Military Airforce Academy in Voronezh – one of the five military schools on the list of 73 universities that were providing training in information security.

By 2014, the list of Russian universities teaching information security had expanded to 170. 17

The Russian army skillfully exploited an old, outdated mechanism of draft to recruit the best and brightest among the Russian technical intelligentsia, sidelining the FSB. In the military, training in information security is supervised by the 8th Directorate of the General Staff in coordination with the Military Education Department of the Main Personnel Directorate of the General Staff.

The military also used other recruitment methods developed by the FSB — in 2015, the Capture the Flag (CTF) competitions run by the Association of Chief Information Security Officers (ARSIB, or Assotsiatsiya Rukovoditeley Sluzhb Informatsionnoy Bezopasnosti) got a new sponsor, the Special Development Center of the Ministry of Defense. 18   That center was launched by the Ministry of Defense in 2014 as a leading military cyber facility. 19   That same year, in December 2014, the 8th Directorate of the General Staff founded a research center on information security within the Krasnodar Higher Military School named after General of the Army S. M. Shtemenko. 20   One of the “research companies” was based at the center and supervised by the 8th Directorate and the Science-Technical Committee of the General Staff — the main customers of R&D in the military. 21

2.4.2. Cyber policymaking

The old guard led by Sherstyuk and Krutskikh still controlled Russia’s cyber policy domain, but new actors came into play. First, the FSB delegated the head of the Science-Technical Service (NTS), Nikolai Klimashin, to the Security Council. He replaced Sherstyuk who remained active through his position at the Institute for Information Security Issues at Moscow State University. Klimashin did not have a background at the FAPSI, but he was chosen to supervise the liquidation and absorption of the FAPSI in 2003 (Putin wanted to have just one major intelligence/security agency — the FSB — not a competition of several agencies which his predecessor, Boris Yeltsin, had encouraged). As a result, Klimashin’s NTS now included a department of the absorbed FAPSI, the Main Directorate of Security of Communications (GUPS), which became the 8th Center of the FSB or “the Center for Information Protection and Special Communications.”

The General Staff of the Armed Forces became engaged in the cyber policy debate. One of the leading military cyber experts was Sergey Komov, himself a product of military SIGINT training (Komov attended Kyiv’s military radio-technical school and Govorov’s military radio-technical academy in Kharkiv).

Since the early 2000s, Infoforum, a major Russian cyber conference, has been held in Moscow and later in the other regions. The General Staff has made sure to attend every Infoforum conference since 2013. As a rule, the head or deputy head of the 8th Directorate of the General Staff has been in attendance, sometimes accompanied by the head of the Military Science Committee of the General Staff.

The year 2016 saw the highest point of attention to cyber from the Kremlin. In February 2016, the Infoforum conference opened with a speech by Sergei Ivanov, then the chief of the Presidential Administration. “The powerful potential of such authoritative discussion platforms as Infoforum is fully engaged in solving the issues of ensuring information security,” Ivanov said. Ivanov was a former general of the foreign intelligence branch of the KGB, a close associate of Putin’s, and served as minister of defense from 2001 to 2007. He was also reportedly one of the masterminds of the Russian interference in the US elections in 2016. 22

On August 12, 2016, Ivanov was removed from his position as chief of Putin’s administration (most likely because of the US outcry over the hacking of Democratic National Committee servers), but Putin preserved his seat on the Security Council.

Ever since, no Infoforum conference has been opened by the chief of Putin’s Presidential Administration. It is quite likely that Putin no longer wants a direct connection between the Kremlin and a public cyber event.

2.4.3. Development of recruitment techniques

In 2010, a collection of private cybersecurity companies launched the ARSIB. The ARSIB was led by Victor Minin, a former officer of the KGB and FAPSI. The ARSIB runs the CTF competition at schools and universities in Russia. CTF is a massive, multiday hackathon in which one team defends its server as another team attacks it. 23   Minin told the authors of this report that the CTF competitions were seen by Russia’s intelligence community as a perfect recruitment mechanism.

3. Russia’s Evolving Cyber Command

3.1. russia’s cyber landscape after 2013.

Throughout the turbulent period between 2013 and 2016, marked by Russia’s invasion of Ukraine and illegal annexation of Crimea in 2014 and reckless interference in the US elections two years later, Russian cyber actors went through a series of crises brought on by the Kremlin.

By and large, the traditional actors, foremost the FSB, maintained a dominant role since they were well entrenched in the Russian security bureaucracy, including in positions on the Security Council, the Presidential Administration, and the Foreign Ministry.

Inside the FSB, the TSiB and the 16th Center remained the two most important cyber players.

In information sharing and recruitment/training:

• The TsIB was focused on using the connections between the vast Russian criminal hacking community and Russian private cybersecurity companies, including Kaspersky Lab. The FSB also made the TsIB a contact point with Western counterparts to share intelligence about Russian criminal hacker activity worldwide. The TsIB made amusingly good use of the shared intelligence. It tracked down Russian hackers and sought to recruit them. 24
• The 16th Center relied on its significant cyber capabilities and recruited new talent in Russian polytechnic schools with courses in information security, supervised by the FSB’s IKSI.

The head of the 16th Center, Sergey Buravlyov, held the position of deputy director of the FSB since 2005, and in 2013 he was promoted to the Security Council as deputy secretary, replacing Klimashin. Buravlyov was part of Sherstyuk’s circle. Another one of Sherstyuk’s protégés, Krutskikh, who had been serving at the Foreign Ministry, got a new position. In February 2014, Putin appointed Krutskikh as his special representative for international negotiations on Internet regulation. 25

After the illegal annexation of Crimea in 2014, there was a significant and sudden increase in Russia’s military cyber capabilities.

The Russian army found a way to boost its capabilities both in human resources and expertise. Rank and file were provided via the skillful use of the draft — students in Russian polytechnic schools joined Russian cyber troops in droves. The army also expanded training in cyber at military schools that taught personnel for SIGINT units (in Russian terminology, radio technical intelligence, or OSNAS), like the Higher Military School of Radioelectronics in Krasnoyarsk.

Contracts were also granted to private cyber companies. In 2015, Kaspersky Lab’s software was chosen by the Ministry of Defense as its primary antivirus solution. “By supplying the Kaspersky Business Space Security to the Russian Ministry of Defense through partners, we marked the beginning of a very important cooperation for us,” said Sergey Zemkov, managing director of the Russian office of Kaspersky Lab at the time. 26

The interference in the 2016 US elections (APT29 and APT28) and the resulting backlash from the US intelligence community created a crisis in Moscow where officials blamed one another for getting caught. The TsIB was decimated as a result of purges. Two senior TsIB officers were arrested on charges of treason. The head of the investigations unit at Kaspersky Lab and the head of the TsIB were forced to resign. The head of the TsIB’s deputy also lost his job.

In January 2017, Buravlyov was quietly removed from the Security Council. Contrary to all Kremlin rules, no public announcement was made about his resignation. Buravlyov was replaced by Oleg Khramov, a brutal FSB general with no background in cyber but with experience conducting offensive operations in Ukraine. Apparently, both the TsIB and Buravlyov, who maintained officially sanctioned contacts with Western counterparts, fell victim to the Kremlin’s paranoia.

As a contact point with Western powers, the TsIB was replaced by the 8th Center of the FSB. A national computer emergency response team (CERT), called the National Coordination Center on Computer Incidents, was built in the 8th Center. The 8th Center also originated from the FAPSI, but it was part of the NTS of the FSB; thus, it was not on the operational but rather the support side of the FSB.

Of the two cyber actors within the FSB, the 16th Center (dubbed Berzerk Bear, Dragonfly, and Energetic Bear by Western cyber researchers) emerged as a primary cyber offensive unit. In 2021, US authorities accused three officers of the 16th Center of sending fake e-mails with infected attachments to energy, including nuclear, companies in the United States between 2012 and 2017. According to the indictment, the three officers used spearphishing attacks that targeted more than 3,300 users at more than 500 US and international companies. They also targeted US government agencies such as the Nuclear Regulatory Commission. 27  

3.2. Military’s Cyber Activities

3.2.1. further expansion of the military.

In recent years, the Ministry of Defense has built grand new facilities, like the buildings of the Krasnodar Higher Military School named after General of the Army S. M. Shtemenko and the Elite of the Russian Army (ERA) Technopolis in the Krasnodar region, operational since 2018.

The ERA Technopolis houses eight “research companies,” including the “first research company” launched within the Military Airforce Academy in Voronezh — one of the five military schools on the original list of 73 educational institutions providing training in information security. The Advanced Research Projects Foundation (FPI), established in 2012 as a Russian analogue of the US Defense Advanced Research Projects Agency (DARPA), was also partly relocated to the ERA. 28

The Ministry of Defense also found a new use for the military research facilities not previously associated with cyber.

The Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) has been the major research institution in the Russian military-industrial complex since before the Russian Revolution of 1917, involved in development and production of gunpowder, ammunition, and explosives for the army (in the Soviet Union it was known as NII-6). In 2005, the TsNIIKhM was subordinated to the Federal Technical and Export Controls Service in charge of protecting state secrets from foreign intelligence services via technological means. “This decision was the reason for a radical restructuring of this work, including the organization of new areas of scientific research,” TsNIIKhM’s website declared. 29

On October 23, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated the TsNIIKhM, pursuant to Section 224(a)(1)(A) of the Countering America’s Adversaries Through Sanctions Act (CAATSA), for knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Russian government. 30   The TsNIIKhM was found responsible for building a customized tool that enabled the August 2017 cyberattack on a Middle Eastern petrochemical facility. 31   The TsNIIKhM developed the Triton malware, also known as TRISIS and HatMan, to target and manipulate Industrial Controls Systems (ICS) that are used in some critical infrastructure facilities. The TsNIIKhM deployed the malware through phishing that targeted the petrochemical facility.

On the operations side, the 85th Main Special Service Center (Glavny Tsentr Specialnoy Sluzhbi; GTsSS), or military unit 26165 (dubbed Fancy Bear, APT28, or Strontium by Western cyber researchers) emerged as the main offensive facility of the Main [Intelligence] Directorate of the General Staff, along with military unit 74455. 32   In the Soviet Union, that center was part of the GRU’s radio technical intelligence, or SIGINT; it was updated in the 2000s.

The GTsSS has been recruiting new talent in Russian schools since at least 2014 via cooperation with the FSB’s IKSI. 33   It also recruits at hackers’ conventions (see below). At least one officer of that center, Aleksey Morenets (wanted by the FBI since 2018), graduated from the Military Airforce Academy in Voronezh. 34   There is also 18 TSNII (Central Research Facility), or military unit 11135, operational since 1938, which has been involved in SIGINT/ELINT research, including “developing the equipment for conducting and coding satellite reconnaissance activities,” and is now involved in information security under the auspices of the Main [Intelligence] Directorate.

The supervision of the cyber units in the military stayed the same — the 8th Directorate, the Main [Intelligence] Directorate, and the Science-Technical Committee, all at the General Staff of the Armed Forces.

3.2.2. Military setbacks

As early as March 2012, Russian Deputy Prime Minister Dmitry Rogozin spoke of the need to create a Russian military cyber command. 35   In February 2013, Shoigu announced his intention to create a cyber command and ordered the General Staff to provide him with recommendations. The defense minister set an end-of-2014 deadline. 36   However, the cyber command was never set up.

In 2017, Aleksander Sherin, deputy chair of the Duma’s Committee on Defense, denied the existence of a cyber command and cyber troops in Russia. 37

One of the reasons for this setback could be that the political decision-making in cyber is still dominated by the FSB (at the Security Council).

Photo: Director of Russian Federal Security Service (FSB) Alexander Bortnikov and Director of Foreign Intelligence Service (SVR) Mikhail Fradkov arrive for a wreath-laying ceremony marking the 75th anniversary of the Nazi German invasion, by the Kremlin walls in Moscow, Russia, June 22, 2016. Credit: REUTERS/Grigory Dukor

3.3. The Relationship between Russian Private and Security/Military Cyber Actors

Both the security services and the military have relied significantly on private actors to develop offensive cyber tools and conduct cyber operations.

Russian state/private partnership in cyber works in several ways.

3.3.1. Partial privatization of the networks of R&D facilities inherited from the KGB

Russian security agencies and the military rely on an empire of research institutions they had built in Soviet times. In the Soviet Union, a significant effort was made to hide and disguise the true affiliation of these research institutions. Take, for example, the Scientific Research Institute of Dalny Svyazi, or of long-distance communications, in St. Petersburg, known as Dalsvyaz. The institute, with a staff of more than 10,000, was overseen by the Ministry for Industrial Telecommunications, but its real purpose was to work for the military. The offices of the applied acoustics unit (working on voice and speaker recognition) of Dalsvyaz were always guarded by men with automatic weapons because the unit was not under the control of the institute at all but was instead run by the KGB. It was a classic Russian matryoshka — secrets within secrets. 38

Many of those research centers survived the collapse of the Soviet Union, like the Kvant Scientific Research Institute, founded in 1978 as a laboratory within the Design Bureau of Industrial Automation of the Ministry of Radio Industry. The ministry was officially civilian, but the Design Bureau of Industrial Automation was part of the Soviet military-industrial complex, while the Kvant laboratory was under the KGB. Kvant developed computers for the 16th Directorate of the KGB. It remained under control of the FAPSI in the 1990s and went to the FSB in the 2000s. At present, Kvant develops cyber weapons for the 16th Center of the FSB, essentially the same organization the institute has been working for since the beginning. The Design Bureau of Industrial Automation also remains active — now it’s part of the Rostech empire and involved in developing drones.  39

What has changed is that Kvant has launched private entities to work on FSB contracts. One of them is SyTech, a small company which has worked on contracts for the 16th Center since 2009, including a project for collecting data about users of social media (such as Facebook, MySpace, and LinkedIn), a project for deanonymizing Tor traffic with the help of rogue Tor servers, and a project to covertly penetrate P2P networks, like the one used for torrents. 40   On the surface, SyTech is a private company, but it shares personnel and contracts with Kvant (under US sanctions since June 11, 2018). 41

This same approach is being used by the SVR. The agency has worked with private entities like AO Pasit, affiliated with the SVR, on SVR contracts using its scientific production center “Delta” as a customer. 42

3.3.2. The role of private cybersecurity companies in recruitment and developing tools

The Russian company Positive Technologies identifies vulnerabilities in networks and publishes highly regarded research. 43   In April 2021, the company was blacklisted by the US Treasury for supporting the FSB. 44   According to the US Treasury, “Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts large-scale conventions that are used as recruiting events for the FSB and GRU.” The company said these were “groundless accusations,” while its chief operating officer, Maxim Pustovoy, said the blacklisting was based on “a misunderstanding and a mistake.” 45   Positive Technologies has organized hacker competitions — Positive Hack Days and The Standoff — since 2011. 46   These events have been organized very much like the ARSIB’s CTF competitions, used by the FSB to approach and recruit young talent (Kaspersky Lab also sponsored Positive Hack Days). 47   An officer of the 85th Main Special Service Center (military unit 26165) of the Russian military intelligence — Dmitriy Badin (wanted by the FBI since 2018) — took part in Positive Hack Days in 2014. 48   The same conference was also attended by officers of the FSB. 49

Senior managers of Positive Technologies attended Infoforum conferences since at least 2013 and spoke alongside Krutskikh and officers of the FSB. Since 2014, Positive Technologies has sponsored Infoforums. 50

Another Russian company, also blacklisted by the US Treasury, is Digital Security, a cyber research group. According to the US Treasury, “Digital Security worked on a project that would increase Russia’s offensive cyber capabilities for the Russian Intelligence Services, to include the FSB.” 41

What Positive Technologies and Digital Security have in common is that their business is identifying vulnerabilities in networks. Digital Security, however, has also held a competition/conference for white hat hackers, called ZeroNights, since 2011. 51   So those companies not only develop tools for Russian security services but also provide them with recruiting opportunities.

Digital Security’s founder, Ilya Davidovich Medvedovsky, also co-wrote a book, Attack on the Internet , with two others, including a leading professor of information security at Peter the Great St. Petersburg Polytechnic University. 52

3.3.3. The challenge of linking cyberattacks to the SVR

The SVR is an ambitious and capable intelligence-gathering agency. For several years, Western cyber experts attributed cyberattacks on Western targets to the SVR (in particular, the attacks carried out by APT29). However, unlike other Russian agencies, such as the FSB and GRU, where attribution was verified independently by Russian and Western investigative journalists, no details that would help link cyberattacks to a particular unit at the SVR or expose the chain of command inside the agency were ever found.

A real-life story: a Russian hacker’s career in the year 2020 A young man in his early 20s, originally from an eastern suburb of Moscow, was a student at Bauman Moscow State Technical University. His father, a trained engineer, was a manager in a small private company, and his mother was an accountant. The young man was about to be conscripted to the army — a problem which all young men faced in Russia. Since the student studied computer science and information systems at the university — much like many other students — he was given a choice: either serve a year in a military unit located far from Moscow and live in the barracks; or join the cyber troops, stay in Moscow, share a room with another student, and visit family every weekend. A small salary for his service was also included. The young man did not hesitate. He decided to join the cyber troops, as did many of his peers, and stayed in Moscow. When he had finished his time in the army, the FSB offered him a job. He agreed, which surprised even his parents. His father asked him: Do you realize you won’t be able to travel abroad? I don’t really care, he responded.

4. Conclusions and Recommendations

As the world has seen in Ukraine, the Soviet military-industrial complex is back with a vengeance — only now, it is supplemented with cyber capabilities.

What we know about operational command and control in Russian cyber is limited, but as the history and analysis above has shown, we can draw four important conclusions.

First , Russia does not have a true cyber command. While the Presidential Administration and the Security Council coordinate cyber operations involving various agencies and non-state or quasi-state actors, they are not a cyber command in the US sense. There is no clear delineation of operational responsibility and no uniform system of reporting and accountability. Rather, Russia’s cyber-active agencies and actors are governed through a largely informal system of relationships in which political expediency may trump operational efficiency.

Second , the organizational, strategic, and cultural differences that characterize Russia’s various military and security agencies in the conventional field do not carry over into cyber operations. While their leadership may prefer not to, agencies such as the SVR and the GRU often find themselves attacking domestic cyber targets, while the FSB is active internationally.

Third , the lack of a true cyber command appears to mean that agencies tend to apply conventional approaches to cyber, rather than developing command-and-control approaches tailored to the cyber domain. While it is not clear that this has an adverse impact on efficacy, it further distinguishes patterns of cyber command in Russia from those found in the West. US and Western analysts must thus be careful not to assume that Russian structures and approaches mirror their own.

Fourth , Russia’s cyber-active state, quasi-state, and non-state cyber actors share roots in the Soviet and early post-Soviet SIGINT and cyber spheres — roots that continue to shape how Russian cyber functions to this day. This is reflected in the significant and continuing dependence of state actors on the private sector for recruitment, training, and technology, and in the fact that all actors recruit broadly from the same cohorts of specialists, with operatives sometimes moving fluidly from one agency to another. In that sense, structural distinctions between Russian cyber actors may be misleading.

Photo: A poster showing six wanted Russian military intelligence officers is displayed as U.S. Attorney for the Western District of Pennsylvania Scott Brady, accompanied by Assistant Attorney General for the National Security Division John Demers, speaks at a news conference at the Department of Justice, in Washington, U.S., October 19, 2020. Credit: Andrew Harnik/Pool via REUTERS

In the cyber arena, Russia’s biggest asset remains its cadres. The Soviet Union boasted the biggest engineer community in the world to serve its enormous military-industrial complex. Under Stalin, dozens of polytechnic schools were built across the country to train engineers, and networks of research facilities — secret and within the ostensibly civilian institutions — were funded for those engineers to contribute to the Soviet military and security services’ R&D.

When the Soviet Union collapsed, this sprawling system shook but didn’t break down. Some parts remained in the now independent countries, some fell into complete disarray due to lack of funding, but by and large, the parts within Russia survived the shock of the Soviet disintegration. The system did, however, experience a large hemorrhage of talent — many engineers went outside the tightly controlled world of the military-industrial complex to start a new life in private industry. Those engineers who chose the bright side launched Russian tech companies, including cybersecurity companies. The engineers, and their children, who chose the dark side, contributed to the emergence of the phenomenon of Russian hackers.

Under Putin, Russia’s intelligence community and the military were given political and financial resources to make use of that legacy. The polytechnic schools were given resources to reproduce talent, and new recruitment practices were adopted to make good use of those human resources which had gone private — both in the legal cyber business and in criminal hacker activities.

These days, Putin’s Kremlin relies on substantial cyber resources and a Soviet engineer culture that makes sure that enough talent and resources are available for Russia’s cyber operations on a global scale. The IT talent exodus from Russia is still underway, and the organizational competition for this talent between the services will likely only intensify, but there is not yet any indication that this has diminished or will diminish the threat posed by Russia’s cyber capabilities.

In the cyber arena, Russia’s biggest asset remains its cadres.

At least two things must be done to help contain the cyber threat from Russia.

Over the years, Western intelligence agencies accumulated substantial information about Russia’s cyber efforts. More of this data should be made available to the public, including information about the command-and-control systems, especially of the SVR. Greater transparency is needed, and intelligence sharing on key actors and their activities must be made a priority. Also, more transparency would help formulate more rigorous export controls to ensure Western tech is not enabling R&D of Russian cyber offensive operations.

The issue of Russian engineer training should also be addressed. In the foreseeable future, one cannot hope that Russian authorities will start a proper reform of the Russian education system. But Russian IT engineers and programmers are an essential part of the global effort in technology development; this is one of the achievements of globalization. It would be useful to set up STS (Science, Technology, and Society) courses, similar to the ones at the best US engineering schools, for Russian engineers working at Western companies. Educating Russian IT engineers on ethics would help bring a concept of the rule of law in the constantly changing world of cyber where the Russians are destined to play a key role no matter what political regime is in place in Moscow.

Related Articles

Related issue tags.

Ukraine war latest: Two killed in strike on Kherson; Ukraine accuses Russia of targeting civilians in 'potential war crime'

Two people were killed in air strikes in the southern Ukrainian city of Kherson, while an attack on a residential area in Kharkiv left six civilians injured - with Ukraine saying it is investigating the bombing as a potential war crime.

Sunday 19 May 2024 08:30, UK

Please use Chrome browser for a more accessible video player

• Two killed in Russian strikes on Kherson
• Ukraine investigating 'potential war crime' after civilians wounded
• Ukrainian soldiers reveal how they were secretly moved ahead of Russian invasion
• Russia takes control of village in Kharkiv - defence ministry
• Ukraine's divisive draft law comes into force | At least 30 Ukrainians have died crossing river to avoid
• Live reporting by  Josephine Franks

Six drones crashed on the site of an oil refinery in Slavyansk in Russia's southern Krasnodar region during an overnight attack by Ukraine, according to the Interfax news agency.

The Russian defence ministry said Russian forces shot down nine US long-range missiles over Crimea and at least 60 drones over Russian sovereign territory. 

There was no damage to the oil refinery, local authorities reported.

Members of a Ukrainian brigade have described how they were secretly relocated to help defend a section of the country's border with Russia a few days before a new invasion began.

One commander told Sky News how his guns were even firing at Russian troops who were "brazenly" amassing on the Russian side of the border some 24 hours prior to the incursion into Kharkiv.

"We were hitting tanks on the border… it was already a real war," said Sasha, 26, who uses the callsign "black".

The comments offer a sense of how Ukraineattempted - ahead of time - to scramble forces to counter a Russian build-up along its long, northeastern border.

Read more below from Sky News' Defence and Security Editor Deborah Haynes...

Two people died and two more were injured in Russian airstrikes on the southern Ukrainian city of Kherson, Ukrainian officials say. 

Kherson governor Oleksandr Prokudin said residential areas of the city were hit and a high-rise building and eight homes were damaged. 

It comes as Ukrainian prosecutors say they are investigating Russia for a "potential war crime" over claims it targeted residential areas - something Moscow denies. 

A Russian air strike on a residential area of Kharkiv is being investigated by Ukrainian prosecutors as a potential war crime after six civilians were wounded.

Among the injured were three children, aged eight, 13 and 16.

Moscow denies deliberately targeting civilians but thousands have been killed and injured since its February 2022 invasion of Ukraine.

About 45 miles to the northeast in Vovchansk, a city three miles from the Russian border, prosecutors said Russian shelling killed a 60-year-old woman and injured three other civilians.

A 59-year-old man was also injured in the village of Ukrainske, they said.

Meanwhile in Russia late on Saturday, Belgorod regional governor Vyacheslav Gladkov said a Ukrainian drone attack injured a woman and a man in the village of Petrovka.

They were treated for shrapnel injuries, he wrote on the Telegram messaging app.

Moscow's defence ministry said its forces shot down a Tochka-U missile fired by Ukraine into Belgorod.

A similar missile caused a Belgorod apartment building to collapse last week, killing at least 15 people, Russia said.

Ukraine's forces have destroyed all 37 attack drones launched by Russia overnight, according to Ukraine's Air Force chief.

"As a result of the anti-aircraft battle, all 37 'Shaheds' were shot down in Kyiv, Odesa, Mykolaiv, Sumy, Vinnytsia, Zhytomyr, Cherkasy and Kherson regions," the commander said. 

Sky News could not independently verify the report. 

Welcome back to our live coverage of the war in Ukraine.

Yesterday, Russia claimed to have taken control of the village Starytsia in Ukraine's Kharkiv region. 

It came after the Russian defence ministry said it had taken control of 12 settlements in Kharkiv in the space of a week on Friday. 

Yesterday also saw laws overhauling how army mobilisation works in Ukraine came into force. 

The legislation, which was watered down from its original draft, will make it easier to identify every conscript in the country.

We'll be bringing you all the live updates throughout the day but,  before we do, here's a reminder of the other key events from the last 24 hours: 

• A Russian Su-25 attack plane was shot down over Donetsk, according to a Ukrainian army brigade;
• Poland announced it's aiming to bolster its defences against what it says is a rising threat from Russia and Belarus with a £2bn security programme;
• Volodymyr Zelenskyy snubbed the French president's call for a truce between Russia and Ukraine during the Paris Olympics, saying it could give Russia the upper hand;
• At least 30 people have died trying to escape conscription by crossing a river separating Ukraine from neighbouring Romania and Hungary, the Ukrainian border service said;
• Russian forces launched drone attacks on two energy facilities in Ukraine, according to the country's grid operator Ukrenergo.

We're pausing our coverage of the Ukraine war for the moment.

Scroll through the blog below to catch up on today's developments.

A decorated Ukrainian pilot has been killed in action, the country's 831st tactical aviation brigade has announced. 

In a post on Facebook, the brigade said First Deputy Commander of the Aviation Squadron Lieutenant Colonel Denis Vasilyuk, was killed during a combat mission.

"We lost not just a pilot, but a reliable combat brother, a friend and just a wonderful and bright man," it added. 

He flew dozens of missions since the beginning of the war has has been awarded the Order For Courage medal. 

The medal is handed to members of the military for individual courage and heroism while rescuing people or valued materials while endangering their own life. 

A Ukrainian missile has been destroyed over Belgorod, the Russian defence ministry has said. 

It said the Tochka-U tactical missile was launched at around 9.15pm local time (7.15pm UK time). 

"Duty air defence systems destroyed one tactical missile over the territory of the Belgorod region," it added. 

Belgorod has been targeted several times, with attacks increasing in recent weeks. 

Volodymyr Zelenskyy has praised his forces' successes during his nightly address. 

The Ukrainian president said his troops had grown in confidence, particularly in the Kharkiv region. 

However, his message comes after Russia's defence ministry said its forces captured the village of Starytsia in the Kharkiv region earlier today - just eight days after a new Russian push in the area began.

"The occupier is losing its infantry and equipment, a tangible loss, even though, just as in 2022, it was counting on a quick advance on our land," Mr Zelenskyy said, referring to Russia's initial invasion of Ukraine in February of that year.

In the eastern Donetsk region around Chasiv Yar, a city seen as a key target in Russia's campaign, Mr Zelenskyy said Ukrainian forces had repelled a Russian assault. 

"Our soldiers destroyed more than 20 units of the occupier's armoured vehicles," he added.

Be the first to get Breaking News

Install the Sky News app for free