How Russia Is Isolating Its Own Cybercriminals￼
This article was originally published on Dark Reading.
How Russia Is Isolating Its Own Cybercriminals
by Ian W. Gray, Senior Director of Research and Analysis
Sanctions imposed by the Biden administration, coupled with Russia’s proposed initiative to cut itself off from the global Internet, is causing cybercriminals to ponder their future.
Russian cybercriminals dominate the threat landscape, aided largely by a government that has heretofore turned a blind eye to their illicit dealings — as long as their attacks target organizations and individuals outside of Mother Russia. However, since Russia’s invasion of Ukraine on Feb. 24, the Kremlin has made a series of moves that threatens to disrupt the delicate balance that exists between them.
Without an extradition treaty with the United States, most of these cybercriminals operate with impunity or are nabbed when traveling outside of the United States. But in recent months this has not been the case. Several administrators and hosting providers were arrested in Russia in the past year for allegedly breaking the unspoken agreement between the government and cybercriminals. On Jan. 14, the Federal Security Service of the Russian Federation (FSB), in concert with US authorities, arrested members of the REvil ransomware-as-a-service (RaaS) collective that was responsible for the Kaseya attack. About a week later, the FSB detained four members of the Infraud Organization, including the group’s founder, Andrey Novak, who was also wanted by the FBI. Though Russia is responsible for detaining these cybercriminals, these arrests and illicit marketplace takedowns have been few and far between and seem to signal more of a public relations ploy than a formal desire to stop cybercrime that affects its Western counterparts; there is no formal cyber alliance between Russia and the United States.
In some ways, Russian cybercrime has always been a band apart, even in the underground. Russian cybercriminals, often young men, have had the autonomy to target foreign victims and establish various Dark Web-based marketplaces, card shops, and forums that attract like-minded threat actors. Wanted posters for these cybercriminals may very well be accompanied by images that showcase their Instagrammable lifestyles — poses that include expensive luxury automobiles, exotic cats, and stacks on stacks of US dollars.
To read the rest of Ian this article on Dark Reading, follow this link.