Since the start of Russia’s full-scale invasion of Ukraine, cyber specialists and OSINT volunteers have conducted numerous successful multi-layered intelligence operations. Their details were made widely public in the media, including in a dedicated section of our website. Typically, information about individual successful operations becomes available after some time—sometimes months, sometimes years. Each operation is unique and has its own time frame, tactical, operational, and sometimes strategic boundaries.
Today, we’ll show you a specific example of intelligence work and documentation obtained through collaboration between cyber-specialists and OSINT analysts back in 2024. As of 2025, the operation’s operational intelligence potential was exhausted, and therefore we may disclose some data in 2026.
This operation brought together analysts from Ukrainian Militant, cyber-specialists from the 256th Cyber Assault Division, as well as volunteers from the InformNapalm international intelligence community.
The operation was based on HUMINT data, preliminary OSINT analysis, and a subsequent CYBINT component. This combination allowed for the acquisition of information not available from open sources, in particular about the architecture of software tools used in the development and testing of Russian strategic nuclear forces, as well as the role of Russian foreign intelligence structures in these processes. All information was promptly provided to the Ukrainian Defense Forces.
But before we move on to a specific example, let’s look at the current regulatory challenges and official statements.
“The cyber warfare units of the Armed Forces of Ukraine have been conducting offensive cyber operations since February 2022. Cyberspace is a separate operational dimension of modern warfare, along with land, sea, air and outer space. Developing military cyber capabilities is a matter of national security.”
This was reported by the online media of the Ministry of Defense of Ukraine ArmyInform with reference to the publication of the General Staff of the Armed Forces of Ukraine dated March 10, 2026. The General Staff emphasized the need for legislative regulation and the official creation of the Cyber Forces of the Armed Forces of Ukraine, which, at the time of writing, remains unfinished. This process has been ongoing for several years, and legislative formalization entered its final stage in the second half of 2025.
Cyber intelligence in the Polus-24 case
Coming back to our example, in intelligence it is rare to find documents that provide several layers of information at once. One sheet shows the client, another the contractor, a third reveals the budget, and a fourth suddenly highlights a specific software product. This is precisely how the research and development (R&D) project codenamed Polus-24 worked, revealing a fragment of Russian defense-scientific cooperation at the intersection of military science, specialist software, and structures associated with Russia’s foreign intelligence.
The Autonomous Non-Commercial Organization Center for Problems of Strategic Nuclear Forces of the Academy of Military Sciences (ANO CP SNA AVN) appeared in the documents obtained by cyber-specialists and volunteers in 2024. The name suggests a structure related to the strategic nuclear forces of the Russian Federation. The organization’s name itself sets a high level of sensitivity. The documents also featured the R&D code “Polus-24”, a reference to the technical specifications, the project stage, intermediate tests of the specialist software modules, as well as calculations for developer input, salaries, overhead costs, and a license to use the source code of a third-party software product.
An important node in this story is the technical specifications. The document name (PDF) clearly mentions the client: “Tactical and technical specification No. 179/493 of the Federal State Institution Military Unit 33949 dated February 21, 2024.” For an analyst, this is a key point. The tactical and technical specification (TTS) defines the framework of the entire project: the owner of the task, its scope, its requirements, and its purpose. If Polus-24 is developed under the TTS provided by Military Unit 33949, then this military unit is an important element of the project management chain.
This is a good starting point for open source intelligence. Federal State Institution Military Unit 33949 is indeed listed in open Russian registries with the following details: INN 7728124452, OGRN 1037728030306, registration date April 23, 1993, legal address in Moscow, Kolpachny Lane, 11, building 1. The registration profile also indicates the primary activity as “military security”, as well as the current commander, Pavel Aleksandrovich Ivanov, who took office on February 1, 2024.
These details are already significant, as they lend specifics to a once abstract story. We now have a specific legal entity, with a specific address, a specific period of time, and a specific official. This is invaluable for building a timeline. The new commander is appointed on February 1, 2024, the TTS is issued on February 21, 2024, and the state contract is executed on April 19, 2024. This sequence of dates shows the completed project launch cycle.
It becomes even more interesting when paired with other OSINT investigations. In a number of publications, Military Unit 33949 is directly linked to the Russian Foreign Intelligence Service (SVR), including its illegal intelligence unit. This is an external attribution that is repeated in journalistic investigations. For OSINT investigators, this is sufficient to evaluate Military Unit 33949 as part of the SVR context and approach it within this logic.
This is where Polus-24 takes on a different sound. This is no longer a straight R&D project in an environment related to strategic nuclear forces, but work carried out under the TTS of a military unit that external sources associate with the Russian Foreign Intelligence Service. In intelligence practice, this is the moment when individual fragments suddenly begin to paint a coherent picture.
The financial part is no less telling. According to the Polus-24 documents, the total cost of the work is approximately 11 million rubles. The breakdown shows that a significant portion of the funds goes towards salaries, insurance premiums, administration, and management. This structure is typical for intellectual work, software development and testing. We are seeing not a maintenance service or a purchase of off-the-shelf equipment, but a project where the main resources are specialists, man-hours, code, and specialized tools.
The mention of the source code licensing for the use of the LAN.Obrabotka specialist software suite deserves special attention. This is fundamentally important. In documents of intelligence value, such lines often remain invisible to the untrained reader, whereas they reveal the technological level of the project. Data about this software is available from open sources.
According to the description, LAN.Obrabotka is a software package for multi-layer and parallel data processing. The stated capabilities include data extraction and analysis, OCR, ETL, intelligent analysis, modular architecture, API, and scalability for complex data processing scenarios. This explains well why exactly such a product could be used in a project that involves specialist software modules and intermediate testing.
Documents show that Polus-24 uses a licensed component to process data. They specify the product name, show the form of dependency on external code, and make it clear that the developers were not building the system from scratch. This is a very valuable intelligence clue because it opens up another avenue for network analysis: software copyright holders, integrators, other projects involving the same software product, and technological nodes potentially vulnerable to sanctions or counterintelligence.
Another telling factor is the scale of personnel involvement. The stage documents show the involvement of 22 contractors and a development effort of 5,239 standard man-hours. This is also an important detail that is often underestimated. It shows that Polus-24 was not a small, office-based task for a few people. This is teamwork with clear resource planning. Such figures help to assess the real scope of the project and distinguish a functional element of a wider state system from a formal scientific topic.
As a result, this package of documents yields several valuable intelligence results at once. Firstly, it identifies the R&D contractor. Secondly, it provides the project code, time frame and the TTS number. Thirdly, it establishes a connection with Military Unit 33949. Fourthly, it outlines the financial model of the project. Fifthly, it identifies the deployment of a specialist software product, the LAN.Obrabotka suite, in the project environment.
This is how modern analytical intelligence works. A single document rarely gives the complete picture. But several documents, combined with the registry data, external investigations, and technical specs, make it possible to see the institutional connections, personnel framework, budget, technological dependencies, and functional architecture of the project. This is precisely what makes Polus-24 interesting. This is not so much about a leak of classified documents. This is an example of how a cost estimate (PDF), technical specifications, and a line about a specialist software license make it possible to map a system operating in the interests of the aggressor state.
This case once again proves that intelligence value is often hidden in dry official details: the TTS number, dates, military unit details, signatures, source code licenses, personnel numbers, and payroll amounts. These details provide the evidence base for publications, analytical reports, sanctions dossiers, and further investigations.
We cannot publish the entire body of documents because it is necessary to maintain the “fog of war” to prevent the enemy from identifying the sources of the leaks. Especially when it comes to software products for the Russian strategic nuclear forces. But at the same time, the enemy must know that for years its internal strategic systems have been an open house for cyber-specialists from Ukraine, and most probably from various other countries. In all likelihood, all their secrets are no longer that secret. This is precisely why aggressive war is a strategically flawed path that leads not to the achievement of goals, but to the accumulation of tactical defeats and, ultimately, to a strategic collapse.
