Researchers Unmasked Russia’s Most Secretive FSB’s Spy Network

A groundbreaking investigation has pulled back the curtain on one of Russia’s most clandestine intelligence operations, revealing unprecedented details about the Federal Security Service’s (FSB) 16th Center and its extensive signals intelligence network.

The research, conducted by CheckFirst analysts over more than a year, employed an innovative methodology combining traditional open-source intelligence techniques with “phaleristics”—the academic study of military insignia and decorations.

The FSB’s 16th Center, operating under the military designation “Unit 71330,” represents the modern incarnation of Soviet-era SIGINT capabilities that trace back to KGB Order No. 0056 issued on June 21, 1973.

This secretive unit inherited the primary signals intelligence operations from the dissolved Federal Agency for Government Communications and Information (FAPSI) in 2003, evolving into what intelligence experts describe as Russia’s premier electronic eavesdropping organization.

The Center’s current mission encompasses three critical domains: communications interception, cryptanalysis, and computer network operations targeting government institutions, NGOs, and private companies worldwide.

CheckFirst researchers identified the unit’s sophisticated operational structure through systematic analysis of over 200 military insignia photographs collected from Russian manufacturers’ websites, collector forums, and specialized phaleristics communities.

The investigation revealed that the 16th Center comprises at least ten distinct departments designated by letters including A, B, V, D, K, P, S, SP (Special Programs), ST, and T, employing a minimum of 560 personnel based on FSB organizational standards where departments require 55 employees and sections need at least eight.

Technical Infrastructure and Surveillance Capabilities

The research uncovered a comprehensive network of ten ground-based SIGINT facilities strategically positioned across Russia’s vast territory, from the Estonian border to remote locations near China.

These installations employ sophisticated interception equipment including Circularly Disposed Dipole Arrays (CDAA), also known as Wullenweber systems, capable of 360-degree beamforming and signal tracking at ranges up to 15,000 kilometers.

The facilities feature Multibeam Tracking Antennas (MBTA) designed for simultaneous satellite communications (SATCOM) interception and parabolic antennas ranging from six to 25 meters in diameter.

The investigators utilized digiKam, an open-source photo management software, to systematically catalog and analyze insignia containing geographic indicators, unit designations, and symbolic representations of the Center’s technical capabilities.

Cross-referencing this data with satellite imagery and declassified intelligence documents enabled precise geolocation of previously undocumented interception sites, revealing facilities equipped with vertical antenna arrays optimized for omnidirectional signal capture and high-frequency communications monitoring across multiple spectral bands.

Boost detection, reduce alert fatigue, accelerate response; all with an interactive sandbox built for security teams -> Try ANY.RUN Now