Reading the Badges: How OSINT Mapped the FSB’s 16th Center
How do you map a spy service that hides behind codenames and five‑digit unit numbers, when its buildings are bland and its operators rarely post selfies, when the dots on the map are meant to stay invisible, how do you tell what a unit actually does if it never talks about itself, only about the missions it wants you to see
In July, a small Finnish research team answered with an old collector’s habit, medals and badges. CheckFirst’s investigation into the FSB’s 16th Center, the Russian service that blends signals intelligence, cryptanalysis, and computer network operations, shows what happens when phaleristics meets disciplined OSINT. Read enough inscriptions, trace enough manufacturers, compare enough motifs, and a picture emerges, not perfect, but sharp enough to matter.
Directly from the article,
By decoding the visual language of these insignia—acronyms, symbols, stylistic consistencies, foundation dates—we were able to reconstruct a partial but meaningful picture of the Center's history, internal organization, and operational footprint.
Based on the available evidence, the Center appears to oversee more than 560 personnel across at least 10 departments and to operate a network of at least 10 ground-based SIGINT facilities likely involved in intercepting sensitive foreign communications.
What is the 16th Center
The 16th Center, formally the Center for Radio‑Electronic Intelligence by Means of Communication, and publicly known as Military Unit 71330, is the FSB’s core SIGINT arm. Western governments have tied it to long‑running intrusion sets, Energetic Bear, Berzerk Bear, Dragonfly, and the broader Venomous Bear ecosystem, alongside overlapping activity from Turla. Its mission set tracks with classic SIGINT, intercept, decrypt, and exploit communications, paired with offensive CNO. What Is the FSB’s 16th Center, and What’s Behind Unit 71330?
1. The Legacy and Organizational Lineage
The 16th Center, formally the “Center for Radio-Electronic Intelligence by Means of Communication”, is the modern successor to a line of Soviet-era and post-Soviet electronic intelligence formations. Over decades, this lineage has unfolded from the KGB’s electronic warfare wings, through the post-Soviet Federal Agency for Government Communications and Information (FAPSI), and into today’s structure under the FSB. Unit 71330 is the internal military-style designation used for administrative and archival purposes within the Russian military-intelligence apparatus, serving as a way to classify the 16th Center under the broader Ministry of Defense and FSB bureaucratic frame.
2. Mission, Scope, and Capabilities
At its core, the 16th Center is a signals-intelligence (SIGINT) and cyber-operations hub. Its primary mission encompasses:
• Intercepting foreign electronic communications—satellite traffic, radio frequencies, and digital data streams engulfing strategic regions.
• Decrypting and analyzing intercepted content to extract intelligence.
• Conducting offensive cyber operations and computer network exploitation, often identified in open reporting as “Energetic Bear,” “Dragonfly,” “Venomous Bear,” and “Turla” campaigns.
• Sustaining long-duration access to adversary systems and infrastructure, leveraging layers of technical and legal support embedded within the Center’s internal structure.
Western agencies—including the U.K.’s National Cyber Security Centre and the U.S. Department of Justice—have publicly attributed high-profile, long-running intrusion campaigns to operators within Unit 71330, confirming the Center’s role in espionage and cyber offensive activity. These designations are now reflected in legal filings and fact sheets released by both governments.
3. Structure and Internal Organization
Prior open-source portrayals often treated the 16th Center as a monolith. CheckFirst’s analysis revealed something different. By studying commemorative badges, insignia, and awards, their scholars identified recurring departmental codes—alphabetic letters and unit labels—applied consistently across multiple, independently sourced items. These suggest:
A compartmentalized architecture, with distinct departments for cyber operations, legal/administrative support, technical infrastructure, training, and possibly signals collection versus processing divisions.
At least ten internal departments, significantly expanding the sense of internal complexity and operational scale.
A workforce likely numbering in the hundreds at minimum, given the diversity and volume of badge series across years and cohorts.
4. Geography and Operational Footprint
Unit 71330 appears to maintain a distributed network of SIGINT operations across Russia, targeting global communications arcs. For example:
Badges referencing Unit 83417—the 25th Special Communications Center near Shkotovo, Vladivostok—hint at monitoring of Northeast Asian and Pacific satellite and radio corridors.
Other badges bear map-like motifs or embedded coordinates, pointing to interception nodes across different regions, presumably aligned with key infrastructure or geopolitical zones.
CheckFirst’s mapping of these motifs suggests not only a geographically strategic footprint but also a consciously curated symbol set—each badge potentially signaling a role or location, giving subtle visibility to operational geography.
The method, reading the medals
CheckFirst’s approach combined the niche discipline of phaleristics—the study of medals and insignia—with rigorous OSINT, working from the idea that even the most secretive organizations express their identity in the symbols they create for themselves. Over the course of a year, the team assembled more than 200 images of FSB 16th Center badges from public manufacturer catalogs, online auctions, collectors’ markets, veteran forums, and commemorative event pages.
Each find was vetted for authenticity using a multi-layered process: checking for official maker’s marks stamped on the reverse or edges, comparing typography, color, and emblem design with confirmed originals, and seeking multiple independent images of the same item to rule out one-off fakes or digital fabrications.
Once authenticated, the badges were treated as encoded messages. Some carried explicit unit numbers or departmental abbreviations; others relied on imagery—radio towers, satellites, encryption keys, stylized maps—that hinted at mission focus or geographic location.
Anniversary dates and Soviet-era symbols provided historical continuity, linking modern units to their Cold War predecessors. Map outlines and embedded grid patterns were georeferenced and cross-checked against known or suspected SIGINT sites using satellite imagery, declassified records, and procurement data.
Through repetition and clustering, these artifacts began to reveal structure. When the same departmental letter codes or geographic shapes appeared on multiple unrelated medals, it suggested more than coincidence; it hinted at stable internal compartments or enduring site significance. The power of the method lay in treating each badge not as a curiosity but as a piece of a larger intelligence mosaic. And while the researchers openly acknowledged that some designs could be symbolic or commemorative rather than operational, the weight of consistent patterns, supported by external sources, turned enamel and brass into actionable insight.
Locations of the 16th Center’s SIGINT Units
CheckFirst’s meticulous “phaleristics + OSINT” investigation went beyond badges to trace the physical network of FSB’s 16th Center. Based on insignia featuring unit numbers, map motifs, and corresponding satellite imagery, the following interception facilities were geolocated (I have linked google maps to each location):
Unit 03110 (26th Special Communications Center): Adler, near Sochi — Coordinates: 43.391751, 40.002668. Once in Lourdes, Cuba, repurposed post-2000s.
Unit 11380: Near Temryuk, Krasnodar Krai — Coordinates: 45.240872, 37.262438. Features a torus antenna and large dish arrays.
Unit 44231: Saratov Oblast, near Balashov — Coordinates: 51.476034, 43.485856. A wide field of parabolic and vertical HF antennas.
Unit 49911 (22nd Special Communications Center): Pskov Oblast, near Neyolovo — Coordinates: 57.802142, 28.215784. Strategic for Baltic-region eavesdropping.
Unit 51952 (17th Special Communications Center): Near Nerastannoye, about 75 km south of Moscow — Coordinates: 55.062557, 37.661036. Documented via declassified CIA files.
Unit 61240 (23rd Special Communications Center): Krasnoye Selo, near St. Petersburg — Coordinates: 59.737041, 30.025704. Detailed insignia include the unit’s founding order.
Unit 61608 (20th Special Communications Center): South of Tsaritsyno Park, Moscow — Coordinates: 55.592169, 37.689097. The oldest, dating back to 1918.
Unit 70822 (18th Special Communications Center): East of Khabarovsk, near Vostochnoye — Coordinates: 48.469750, 135.262709. Includes a 160 m CDAA for broad Pacific monitoring.
Unit 83417 (25th Special Communications Center): Shkotovo, Primorsky Krai, near Vladivostok — Coordinates: 43.338538, 132.353302. Focused on Northeast Asia SATCOM interception.
Unit 83521 (21st Special Communications Center): Verbnoye, Kaliningrad Oblast — Coordinates: 54.930889, 20.533986. Monitors European SATCOM from the Baltic exclave.
What the badges say
Structure, the researchers identify at least ten departments inside the 16th Center, far more than the single directorate previously visible in open sources. The department letters recur across multiple distinct badge designs and sources, suggesting real internal compartments, legal support, technical services, cyber operations, and more. Staffing is estimated at a minimum of several hundred based on commemorative series breadth, a conservative lower bound rather than a hard headcount.
Geography, iconography on certain badges, including stylized maps and coordinates, lines up with a network of at least ten interception facilities across Russia.
One recurring example is Unit 83417, the 25th Special Communications Center at Shkotovo near Vladivostok, a site with clear strategic angles on Northeast Asia and Pacific SATCOM lanes. None of this proves live tasking on its own, but it fits the legacy footprint inherited from KGB and FAPSI, upgraded for modern SATCOM and RF collection.
Conclusion
CheckFirst’s work shows that even the most secretive agencies leave traces in their own culture of commemoration, traces that disciplined OSINT can transform into maps, timelines, and structural outlines.
Every badge, every unit crest, every stylized coastline is a fragment of a self-portrait the unit never intended for outsiders. Read in isolation, they are curiosities. Read together, they are intelligence. The ten sites identified in this investigation are not just coordinates on a map, they are the antennas and dishes through which the 16th Center listens to the world, shaping Moscow’s understanding of its adversaries and enabling its digital reach.
For security professionals, this is a reminder that adversary capability is rarely invisible, it is often hiding in plain sight, waiting for someone patient enough to connect the dots. For the 16th Center, the medals may still shine on the lapels of veterans, but their stories now shine just as brightly in the open, for anyone with the right lens to see.
Training Resources:
For individuals looking for a hands on training that includes all of the above topics, Covert Access Team (covertaccessteam.com) provides training courses focused on physical penetration testing, lockpicking, bypassing techniques, social engineering and other essential skills.
Covert Access Training - 5 day hands on course designed to train individuals and groups to become Covert Entry Specialists
Physical Audit Training - 2 day course on how to setup and run a physical security audit
Elicitation Toolbox Course - 2 day course of that primarily focuses on elicitation and social engineering as critical aspects of Black Teaming
Strategic Operations for Lone Operators - Advanced course for those who are interested in learning how to become a one man infiltration team.
Counter Elicitation - 2 day course on how to recognize and prevent elicitation attempts, and safegaurd your secrets.
Cyber Bootcamp for Black Teams - 2 day course designed explicitly for physical penetration testers who need vital cyber skills to add to their toolbox.
Private Instruction - Focused learning & training based on your needs .