Russia's Criminal Hackers

Uploaded on 2021-10-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

A global epidemic of digital ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up and law enforcement agencies appear  powerless to stop it.

Russia-based hacker groups have been accused of many of these massive ransomware attacks on major businesses and government agencies in the past year.  Ransomware exploits are dominated by Russian-speaking cyber criminals who are shielded and apparently sometimes employed, by Russian national intelligence agencies, according to security researchers and now by the Biden administration.

The hacking group, REvil, that was believed to be based in Russia, and has been linked by the FBI to the ransomware attack in May on JBS USA, the nation’s largest beef producer.  The more recent attack on Kaseya impacted up to 1,500 companies, many of them small businesses. On 13 July 2021, REvil websites and other infrastructure vanished from the Internet, but it returned two months later.

REvil, also known as Sodinokibi, emerged as one of the most commonly reported ransomware criminals in 2021. “Russian law enforcement and the FSB in particular have a very good idea of what is going on and they are monitoring it, but as long as the fraud is restricted to other parts of the world they don’t care,” said cyber crime expert Misha Glenny

One indication that the Russian government can effectively enforce the law if it so chooses is the fact that malware used by Russian and east European cyber criminals is often designed so that it “purposefully avoids infecting computers if the program detects the potential victim is a native resident.” 

The DarkSide criminal hacking group rose to notoriety following its attack on the Colonial Pipeline, a major US fuel pipeline, which disrupted fuel distribution along the southeastern US. DarkSide is believed to be based in Russia but Biden has said that the US intelligence has no evidence that their work is state-sponsored.

Recently, the US Justice Department said  that it had seized 63.7 bitcoins currently valued at approximately $2.3 million that had been paid to DarkSide as ransom. The funds recovered allegedly represent the proceeds of the ransom payment to individuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation.  

Former British intelligence cyber chief Marcus Willett has called the ransomware scourge “arguably more strategically damaging than state cyber spying.” 

According to Gemini Advisory analytics, the DarkSide group are regarded as prolific professionals in their field and even possess their own code of ethics and customer service, serving as an intermediary by providing services and assistance to other hackers. 

  • The FBI has linked Russia-based hacker group REvil to the cyber attack on JBS, the world’s biggest meat processor which ended up paying an $11 million ransom. The JBS attack took place within three weeks of the Colonial Pipeline attack, exposing vulnerabilities in the systems of U.S. corporations and government agencies. 
  • REvil has also been associated with the massive cyber attack on US software company Kaseya, which serves over 40,000 customers in the US and worldwide. REvil demanded $70 million in ransom following the Kaseya hack, which affected an estimated 1,500 businesses. 
  • A Russia-based group called Nobelium has been linked to the massive 2020 SolarWinds hack that compromised about 100 US companies, including Microsoft, Intel and Cisco, in addition to a dozen government agencies including the Treasury, Justice and Energy departments and the Pentagon. 
  • In May, Microsoft said there had been a series of phishing attempts launched by Nobelium. A security update from Microsoft stated that Nobelium has stepped up attacks, notably targeting government agencies involved in foreign policy as part of intelligence-gathering efforts.

The US Treasury Department has accused Russia’s intelligence services of cultivating and co-opting cyber criminals. US intelligence agencies believe that Russian-speaking cyber criminals are shielded and often employed by the Russian government. 

The hacker groups operate within the Russian-speaking ecosystem and remain wary of Western intelligence services infiltrating their forums, The Washington Post said. 

Since taking office Biden has repeatedly told Moscow to take responsibility for the cyber attacks, warning that if the Kremlin does not take action the US will. And at their June 16 summit in Geneva, Biden presented President Vladimir Putin with a list of 16 areas of critical infrastructure that “should be off limits” to Russian cyber attacks.

Moscow denies any association with the hacking groups and has responded to questions on Russia’s alleged harboring of cyber criminals by saying that the US does the same. 

  • In April, the US hit  Russia with new sanctions in response to malicious cyber activities, accusing Russia’s intelligence services of being behind the SolarWinds hack. 
  • In May, DarkSide said that it had lost control of its servers a day after Biden announced US plans to disrupt the hackers behind the Colonial Pipeline cyber attack.  
  • Recently the REvil group also said that it plans to stop attacking sensitive social sectors like healthcare, educational institutes, and the government networks of any country, which it believes could draw unwanted attention to its operation, such as the attention DarkSide is getting right now.

Cyber security experts believe the Kremlin gives approval to cyber criminals on Russian territory as long as they don’t target Russia or its allies, protecting them from prosecution. 

President Vladimir Putin said in 2016 that if hackers “did not break Russian law, there is nothing to prosecute them for in Russia.” Russia’s Constitution forbids the extradition of its own citizens to other countries, an issue that has forced American authorities to arrest suspected hackers once they exit Russia’s borders.

NBC:        US Dept. of Justice:        Moscow Times:       Recorded Future:     Gemini Advisory:      NPR

Carnegie Endowment:    The Hill:     NY Times:    The Record:    The Hacker News:     Washington Post

You Might Also Read: 

Cyber Attacks May Lead To A “shooting war”:

 

« Ever Increasing Attacks On Maritime Ports & Systems
Ukraine Police Arrest Botnet Attack Controller »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

National Cybersecurity and Communications Integration Center (NCCIC) - USA

National Cybersecurity and Communications Integration Center (NCCIC) - USA

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

Institute for Cyber Security Innovation - Royal Holloway

Institute for Cyber Security Innovation - Royal Holloway

The Institute for Cyber Security Innovation aims to bring together Academia, Industry and Government to be a catalyst for applied research and innovation in cyber security policy and solutions.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

CyberXposure

CyberXposure

CyberXposure has been built by a team comprising of Cyber Security Professionals and SAAS experts in data backup, disaster recovery and cyber-security.

Memcyco

Memcyco

Memcyco is a provider of cutting-edge digital trust technologies to empower brands in combating online brand impersonation fraud, and preventing fraud damages to businesses and their clients.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.