Inside Department 4: Russia’s secret school for hackers

INDUSTRY NEWS 3 min read Inside Department 4: Russia's secret school for hackers Graham CLULEY May 08, 2026 Promo Protect all your devices, without slowing them down. Free 30-day trial Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups. A new investigation by a consortium of journalists from The Guardian, Der Spiegel, Le Monde, and The Insider, amongst others, has lifted the lid on a secretive faculty inside one of Russia's most prestigious technical universities - that has spent years grooming students to become hackers for Russian military intelligence. Reporters managed to obtain a haul of 2,000 internal documents which revealed some of the secret goings-on, including at "Department 4" - a faculty with a seemingly deliberately unmemorable name within Bauman's military training centre, where the GRU appears to go shopping for fresh talent. Russia's military intelligence service, the GRU, directly controls who gets into Department 4, according to the leak. It is GRU that is overseeing exams, and signing-off on graduates' postings, with some promising students scouted as early as secondary school. A core course called "Defence against technical reconnaissance" covers password attacks, software vulnerabilities, and trojan horses. Students are told to carry out practical penetration tests, and one module is devoted entirely to computer viruses, with students required to write a virus of their own as part of the assessment. Presumably they gain extra marks for not infecting their lecturer's laptop. In addition, there are lessons in old fashioned James Bond-style spying with surveillance devices disguised as smoke detectors, physical keyloggers, and cables that silently send screenshots to a hidden drive. Among the 69 students who reportedly graduated from Department 4 in 2024 was Daniil Porshin. He spent six years at Bauman, achieving near-perfect grades. Upon his graduation, he is said to have been assigned to the Fancy Bear hacking group, which was linked by the US Department of Justice over the high profile hack of the Democratic National Committee. Fifteen other students found themselves assigned to hacking gangs, including one who appears to have been assigned to Unit 74455 (better known as Sandworm) - the GRU group which has been blamed by Western governments for attacks on Ukraine's power grid, Emmanuel Macron's 2017 presidential campaign, and the 2018 Winter Olympics. It is worth noting that not everyone makes the grade, with one student assessed by a senior GRU officer to have "insufficient understanding of how to carry out a remote network attack." According to the documents, one of Department 4's teachers is Major General Viktor Netyksho. If that name is familiar to you, it may be because he was indicted by Robert Mueller over the DNC breach. He has, it seems, gone from running the Fancy Bear hacking group to helping train its replacements. What the report does is act as a useful reminder that the threat posed by groups like Fancy Bear and Sandworm is serious and organised. Russia is running a state-funded, state-directed production line for hackers - complete with lecture theatres, examination boards, and a steady supply of fresh recruits. All of this means that those responsible for securing their organisations from cybercriminals cannot afford to relax. Patch your systems, enable multi-factor authentication, segment your network, log activity, train your workforce, make regular backups, run penetration tests against your organisation to see where your weak points may be, and so forth. Determined GRU-trained hackers, hell-bent on breaking into your organisation's IT infrastructure, may still find it impossible to find a way in - but make sure you have done everything in your power to make it as difficult for them as possible, and limit any damage they might be able to cause. TAGS industry news AUTHOR Graham CLULEY Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s. View all posts RIGHT NOW TOP POSTS INDUSTRY NEWS MOBILE SECURITY Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns April 02, 2026 INDUSTRY NEWS DATA BREACH Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data April 14, 2026 SCAM HOW TO Scammer phone number lookup. How to check if a phone number is a scam April 19, 2024 FAMILY SAFETY Is your child addicted to screens? What parents should watch for, according to a therapist March 19, 2026 FOLLOW US ON SOCIAL MEDIA YOU MIGHT ALSO LIKE INDUSTRY NEWS VERY SMALL BUSINESS ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia Filip TRUȚĂ May 08, 2026 INDUSTRY NEWS New fear: Man films woman with smart glasses, seeks money to take video down Silviu STAHIE May 08, 2026 INDUSTRY NEWS Ubuntu’s new AI dreams attracted a very old-fashioned crypto scam on X Silviu STAHIE May 08, 2026 BOOKMARKS You have no bookmarks yet. Tap to read it later.