BREACH BRIEF · 🟠 High · ThreatIntel

Russian GRU’s ‘Department 4’ at Bauman University Trains Students for Fancy Bear, Sandworm and Other State‑Sponsored Hackers

Investigative reporting uncovered a secret faculty at Bauman Moscow State Technical University, directly overseen by the GRU, that trains elite students in offensive cyber techniques and then places them into notorious Russian APT groups. The pipeline heightens supply‑chain risk for organizations that engage Russian‑origin vendors or services.

LiveThreat™ Intelligence · May 09, 2026 · Source: bitdefender.com

Severity: High · Type: ThreatIntel · Confidence: High · Affected: 3 sector(s) · Actions: 3 recommended

What Happened — Investigative journalists obtained ~2,000 internal documents from Bauman Moscow State Technical University that reveal a covert faculty, “Department 4,” directly overseen by Russia’s military intelligence (GRU). The program grooms elite students in password attacks, vulnerability exploitation, virus creation, and covert surveillance, then pipelines graduates into elite GRU‑affiliated hacking groups such as Fancy Bear and Sandworm.

Why It Matters for TPRM

  • State‑sponsored talent pipelines increase the likelihood of sophisticated supply‑chain and espionage attacks against third‑party vendors.
  • Organizations that rely on Russian‑origin hardware, software, or services may unwittingly expose themselves to actors trained in this program.
  • The disclosed curriculum demonstrates a systematic, government‑backed capability to develop zero‑day exploits and advanced persistence techniques.

Who Is Affected

  • Government and critical‑infrastructure entities (energy, telecom, finance) that engage Russian suppliers.
  • Technology vendors with development or support teams located in Russia.
  • Any organization that contracts with Russian‑based MSPs, cloud providers, or software developers.

Recommended Actions

  • Review all contracts and data flows involving Russian‑origin vendors; add explicit clauses for vetting of personnel.
  • Conduct a risk assessment of supply‑chain exposure to GRU‑trained actors; consider diversifying away from high‑risk providers.
  • Strengthen monitoring for indicators of compromise associated with Fancy Bear, Sandworm, and related APT groups.

Technical Notes — The curriculum includes hands‑on penetration testing, custom virus development, and covert hardware surveillance (e.g., disguised keyloggers). No specific CVE is cited, but the training covers “defence against technical reconnaissance,” indicating proficiency in exploiting both software and hardware vulnerabilities. Source: Bitdefender Blog – Inside Department 4

📰 Original Source
https://www.bitdefender.com/en-us/blog/hotforsecurity/inside-department-4-russias-secret-school-for-hackers

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
