Tracking Deployment of Russian Surveillance Technologies in Central Asia and Latin America

This article discusses the proliferation of Russia’s System for Operative Investigative Activities (SORM) in Central Asia and Latin America, revealing the export activities of major SORM providers and the associated risks of government surveillance. It highlights the misuse of surveillance technologies by governments and offers mitigation strategies for companies operating in these regions.

Affected Platform: SORM, telecommunications, internet services

Key points:

  • Central Asia and Latin America are adopting Russia’s SORM for digital surveillance.
  • At least eight SORM providers are exporting to these regions, with numerous telecommunications companies as customers.
  • Major Russian SORM providers are actively participating in international trade expositions.
  • Governments using SORM have a history of misusing surveillance against political opposition and activists.
  • SORM allows authorities to intercept communications without service provider knowledge, increasing potential for abuse.
  • SORM has evolved to monitor various forms of communication, including internet traffic and social media.
  • Foreign deployments of SORM may risk unauthorized access by the Russian government.
  • Companies should adopt privacy tools and assess surveillance risks when operating in SORM-using countries.
  • Indicators of higher state surveillance risk include imports from Russian SORM providers and restrictive legislation.
  • Export of Russian surveillance technologies is likely to continue, enhancing Moscow’s influence.

MITRE Techniques:

  • Collection (TA0011): SORM enables the collection of telecommunications traffic and metadata without service provider oversight.
  • Exploitation of Remote Services (T1210): The risk of Russian government access through SORM systems raises concerns about exploitation of intercepted data.
  • Data from Information Repositories (TA0009): SORM allows long-term storage and searchable access to collected traffic and subscriber metadata.

Indicators of Compromise:

  • [domain] example1[.]sormprovider.com
  • [url] http://www.sorm-export.com
  • [other IoC] Evidence of intrusive surveillance practices
  • [other IoC] Reports of backdoors in SORM equipment
  • Check the article for all found IoCs.


Full Research: https://www.recordedfuture.com/research/tracking-deployment-russian-surveillance-technologies-central-asia-latin-america