Russian cybercrime is starting to rebound after war disruption
Russia's cybercrime underground is starting to recover from the disruptions caused during the ongoing war, which could spell bad news for U.S. companies, experts told Axios.
The big picture: Before the war started, some still hoped Russian President Vladimir Putin might crack down on the deluge of ransomware gangs in his country.
- President Joe Biden and Putin had held semiregular phone calls to discuss the ransomware problem, among other issues.
- A month before invading Ukraine, Putin arrested several alleged members of the REvil ransomware gang, which targeted U.S. critical infrastructure in 2021.
Why it matters: The war has killed off any incentive Putin may have had to stop cybercrime operations from targeting Western organizations.
- Instead, given the loose ties between Russian state-sponsored hacking groups and the country's cybercrime gangs, Putin has more reason to spur them on.
Flashback: When the war started, factions formed within cybercrime forums between those who supported Russia's war and those who stood with Ukraine.
- A prime example of this was when a Ukrainian member of the Conti ransomware gang leaked its internal files after the group pledged allegiance to Russia.
- Many Russian hackers fled to neighboring countries to avoid the military draft, according to a report from Recorded Future released this morning.
What's happening: Initial slowdowns in the Russian cybercrime underground have proven to be only blips, experts told Axios.
- "There's still plenty of them that have got their operations back running and are conducting crime again," Mandiant's Hultquist said.
- Hultquist said several Russian state-sponsored hackers have also been purchasing initial access to an organization from cybercriminal groups.
Between the lines: Even Russian cybercriminals who have fled their country to avoid the draft are seemingly starting to deploy ransomware attacks, Thanos said.
- Thanos' organization, Arctic Wolf, has seen an uptick in so-called anonymous attacks, where a solo actor attacks an organization, never claims public responsibility for the attack, and demands a small payout to decrypt the files.
The intrigue: By enabling cybercrime gangs, the Russian government can claim it wasn't responsible for any of the groups' attacks while reaping the benefits of seeing Western organizations hindered.