
At the end of January, Ukrainian hacktivists of the Cyber Resistance team handed over to the InformNapalm volunteer intelligence community a new portion of information retrieved from hacked email correspondence containing documentation from the Russian company Special Technology Center LLC (STC). This information reveals new details of how foreign components are procured for the production of Russian weapons and military equipment, bypassing Western sanctions.
Let us recall that on January 12, 2024 we published the first part of the CYBINT investigation into STC, which was translated into 8 languages. The investigation noted how Russian sanctioned companies circumvent Western sanctions and obtain foreign equipment, spare parts and components. Three days after the publication of this data in the media and amid the ensuing outcry, the German company Rohde & Schwarz, whose products are frequently mentioned in the STC documentation and are indispensable for the production of electronic warfare equipment, made a public statement on its Facebook and X pages, claiming that they fully adhere to Western sanctions. The company publicly promised to review its own business processes to identify critical problems associated with the sale by intermediaries of their products that end up in production facilities in Russia.
The next day, on January 16, Bloomberg reported, citing its own sources, that Chinese state banks decided to tighten the conditions for providing services to Russian clients after the United States threatened to hit violators of anti-Russian sanctions with secondary restrictions.
Thus, at least two large Chinese banks in recent weeks have begun auditing their business with the Russian Federation, primarily cross-border transactions and funding of the Russian clients. Based on the results of the audit, banks must stop servicing the companies on the sanctions lists and no longer provide financial services to the Russian military-industrial complex, regardless of the currency and jurisdiction of the transactions in question. The audits also affect non-Russian companies doing business in Russia or supplying goods to Russia through third countries.
Considering that STC receives most of its goods through China, we decided to publish the second part of our CYBINT investigation, taking a closer look at the list of intermediaries and documents connected to other types of Russian electronic warfare systems. We will also disclose the data of a leading specialist at STC, who helped the hacktivists obtain internal documents of this company.
The Florinsky effect
An important, although not the only, role in obtaining the information by the hacktivists was played by Andrey Pavlovich Florinsky, who was responsible for procurement for the research and development department of the STC. Florinsky’s email dump can be downloaded here: flor82@inbox.ru.
Florinsky used his email account as a notepad, periodically writing messages to himself. One of the examples contains fields with additional employee data.
Later, Florinsky even complained to a friend that he had been hacked.
In one of the screenshots of his messaging on VK we see a vestige of his high working morale and motivation: “Rotting at work from 8:30 to 19:30”. So much for Florinsky’s job attitude. However, over the past 10 months he has become a valuable source of information for Ukrainian hacktivists. The data received from him about the STC operations were transferred to Ukrainian intelligence services and foreign partners in order to strengthen the sanctions regime. Therefore, his “rotting at work” yielded some truly useful “fertilizer” for us. And it bore fruit.
Components supplied through China
Florinsky’s information shows that Russians are increasingly purchasing equipment through China, paying in the Chinese currency. Apparently, all parties working to circumvent sanctions are perfectly aware of what they are doing and invest themselves in the outcome. Contractors understand that they are purchasing foreign products in violation of sanctions, as do those who are selling to them.
Here is a scanned copy of the commercial offer dated February 2023. The amount is indicated in RMB and Euro.
The same message contains another interesting attachment – a table indicating specific projects this equipment is needed for. Please note that no one is hiding the Swiss components.
As to the settlements in RMB, here is a commercial offer from March 2023.
And here is a more recent commercial offer dated December 20, 2023 for the Rohde & Schwarz spectrum analyzer, already familiar to our readers from the previous publication.
It is worth noting that most Russian intermediaries do not even hide the fact that they purchase products from China. Here is an offer from another company, Delasia LLC, offering “turnkey procurement operations” of the necessary products to STC.
Since STC is involved in the implementation of the state defense order, it is serviced by the Russian PJSC Promsvyazbank, which is closely connected with the defense industrial sector of the Russian Federation. The financial rules of the defense order mandate the contractor to open accounts in the same bank. STC sends out two reminders to all contractors about the contracting specifics and international currency payments.
The first contains the account details and mandatory contractual wordings for the state defense order.
And the second is an explanation of how to deal with foreign contractors.
AXIS
Documents from Florinsky’s mail show STC’s constant demand for video cameras from the Swedish company Axis.
These data were for August 2023. If we compare against the STC orders a year earlier, in September 2022, we can say that the quantities have decreased slightly, but the flow was not completely blocked.
Here Marina Andreyeva from Soft-Tronic LLC (the company’s website says that they are an official distributor of AXIS equipment) promises to deliver 75 cameras in 20 weeks.
At the same time, the information provided by Florinsky suggests that cameras are used not only in UAVs. AXIS cameras were also critical for the Russian RB-333A Svirel system.
Actually, STC works with a large number of front companies acting as procurement intermediaries. Here is a list of such front companies detected in Florinsky’s email dump:
- RADIOLINE LLC [Rus.: ООО “РАДИОЛАЙН”] (OGRN 1117746143228, TIN 7718837905);
- PROTECH LLC [Rus.: ООО “ПРОТЕХ”] (OGRN 1077761186381, TIN 7701748975);
- OBORON HOLDING LLC [Rus.: ООО “ОБОРОН ХОЛДИНГ”] (OGRN 1157746688879, TIN 9701002563);
- IP Resheniya LLC [Rus.: ООО “Ай Пи Решения”] (OGRN 1107847302441, TIN 7810800625);
- TehSpetsKomplekt LLC [Rus.: ООО “ТехСпецКомплект”] (OGRN 1077847031118, TIN 7810090372);
- HV Devices LLC [Rus.: ООО “Эйч Ви Девайсес”] (OGRN 1177746955220, TIN 7731383288);
- ST NETWORKING LLC [Rus.: ООО “СТ НЕТВОРКИНГ”] (TIN: 7719727292, OGRN: 1097746408100);
- JSC NPF Dipol [Rus.: АО “НПФ “Диполь”] (OGRN 1027802497656, TIN 7804137537);
- ELPROM LLC [Rus.: ООО “ЭЛПРОМ”] (OGRN 1127847332007, TIN 7805592546);
- DELASIA LLC [Rus.: ООО “ДЕЛАЗИЯ”] (TIN 7810778923, OGRN 1197847214685);
- and dozens of other companies.
Unfortunately, on this very incomplete list, only ELPROM LLC is under sanctions. Others are not yet. But it is important to note that front companies are quickly formed and take advantage of the loopholes in the sanctions mechanisms. Therefore, until sanctions become more stringent, this flow will not stop. Of course, restrictions on Chinese banks on conducting transactions for sanctioned Russian companies could change the situation.
By the way, as it turned out, this Russian manufacturer prefers British-made fabrics for its Orlans. For those interested, we suggest that you familiarize yourself with this document.
- FABRIC UAV rolls [XLS]
Florinsky’s mail dump contains a large number of similar interesting documents, dating not only from the period of the full-scale invasion, but also before it. Cyber Resistance hacktivists have made it available for free viewing and downloading via this link.
We can make public only a fraction of the data available to us. But even this array contains enough evidence for several more OSINT investigations into the STC operations since 2014. The publication of this information is critically important for maintaining and strengthening sanctions pressure on the Russian Federation and its collaborators.
Read more publications based on the data from Cyber Resistance hacktivists
- Hacking a Russian war criminal, deputy commander of the OMON of the Krasnoyarsk Krai
- Hacking a Russian war criminal, commander of 960th Assault Aviation Regiment
- Hacking Russian Z-volunteer Mikhail Luchin who ordered sex toys for $25,000 instead of drones for the Russian army.
- BagdasarovLeaks: hacking ex-member of the Russian State Duma Semyon Bagdasarov. Iranian gambit
- Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28
- Hacking “James Bond”: medical service commander of 960th Assault Aviation Regiment doxed key personnel of his own unit
- Hacking Andrey Lugovoy, member of the Russian State Duma, First Deputy Head of the Security Committee
- Ukrainian hacktivists acquired first-ever photo of the GRU hacker unit commander wanted by the FBI for meddling in the U.S. election
- New evidence of collaboration of former Slovak Justice Minister Štefan Harabin with the Russian Federation
- Hacking Colonel Leonid Rusin, ex-commander of Russian AWACS unit
- Ukrainian hackers posted lists and documents of the Russian 72nd Motorized Rifle Brigade (TOP-10 files)
- Economic summit Russia–Africa 2023 databases hacked by Ukrainian hacktivists
- Hacking Lieutenant Colonel Kasatkin, Russian war criminal, head of Combat Training of A-50 early warning aircraft, military unit 41520
- BabakovLeaks: hacking Alexander Babakov, Deputy Chairman of the Russian State Duma
- Cuban mercenaries fighting against Ukraine on the Russian side – Ukrainian hacktivists collected evidence
- Hacked: Russian pilot reveals schemes of weapons supply from Iran, South Africa and Mali to Russia
- Hacking the Infocomms Department of the Russian Ministry of Defense. Katyusha and the secrets of General Konashenkov
- CYBINT investigation: how the Orlan-10 manufacturer imports parts bypassing sanctions
- Hacking assistant to vice-speaker of the Russian State Duma: agents of influence in Serbia and media campaigns in the EU