WASHINGTON – Moscow’s intelligence agencies have influence over Russian ransomware criminal groups and have insight into their activities, but they have no control over the organizations’ goals, according to a report published on Thursday.
Some US officials say there has been a lull, at least for now, in major ransomware attacks on critical US infrastructure attributed to Russian criminal groups – a pause that reflects Moscow’s ability to partially check criminal networks operating in the country.
But a ransomware group that disappeared after the attacks this summer, REvil, appears to have returned to the dark web this week and reactivated the portal victims used to make payments.
“Although the attacks are gone, it’s a fair bet” that criminal networks are looking for signals from the Russian government about how they can restart their attacks, said Chris Inglis, executive director of national networks.
“What I think will make a difference is whether Vladimir Putin and others who have the ability to enforce the law, international law, make sure they don’t come back,” Inglis said on Thursday at an event organized by Reagan Academy. “But it’s too early to say we’re out of the woods on this.”
The report by cybersecurity firm Recorded Future supports the assessment of US officials, who said Russia did not directly tell the groups what to do but was aware of their activities and asserted influence. Russian intelligence agencies all recruit talent from the groups and may put some limits on their activities, several US officials said.
According to the report, Russian intelligence officials have longstanding ties to criminal groups. It said: “In some cases, it is almost certain that intelligence agencies maintain established and systematic relationships with criminal threat actors.”
In recent months, Recorded Future has also published interviews with Russian hackers involved in ransomware attacks against the United States.
The Russian government’s relationship with criminal hackers is different from that of other hostile powers, like China or North Korea.
Justice Department officials have accused the Chinese government of controlling a number of criminal hacking gangs operating in its territory by directing them to carry out missions. In return, China’s intelligence agencies facilitated criminal groups’ attacks on American businesses.
China’s control over its hackers is the same kind of tight restriction it places on its society, business, and propaganda efforts.
But the Russian government has a different approach. According to US government officials, Moscow allows oligarchs and criminal groups to carry out their own schemes, as long as they don’t challenge the Kremlin and are working towards President Vladimir V. Putin’s goals.
As a result, Russia’s control of hackers is often looser, making it impossible for Putin and other Russian officials to deny. But the risk is that criminal groups could go too far, triggering a strong response from the US, US officials said. Putin’s preferred strategy is to allow hacks to trouble the United States, but not to cause an international crisis.
“Government doesn’t dictate who can hack, but for a long time there’s been a really interesting connective tissue between government and criminal networks,” said Christopher Ahlberg, chief executive officer of Recorded Future.
Russia’s Federal Security Service, the intelligence agency known as the FSB, has nurtured hackers who specialize in ransomware, Richard W. Downing, deputy attorney general, said at a hearing in the Senate in July.
“As we know, Russia has a long history of ignoring cybercriminals within its borders, as long as criminals fall victim to non-Russians,” Mr. Downing said.
The Russian government provides hackers with a measure of protection, and in return, they sometimes exploit their expertise – and a portion of the money the ransomware groups earn goes to officials, Mr. Ahlberg said.
Experts at Recorded Future and US government officials have argued that the pressure the Biden administration put on Russia to clamp down on criminal groups, after attacks in May hit a major US energy supplier, Colonial Pipeline, and other companies, has at least put Putin on the defensive.
However, Mr. Ahlberg said the allure of large profits from ransomware attacks may be too hard to ignore in the long run.
DarkSide, the Russian hacking group whose Colonial Pipeline breach led to gas shortages on the East Coast, dissolved shortly after, under pressure from American and Russian officials. Recorded Future experts noted that they believe the members of the group are active again.
“Once you’ve made 500 million and it’s pretty easy to earn it, you keep doing it,” Mr. Ahlberg said.
The report concludes that the age-old relationship between criminal hackers and Russian intelligence agencies is unlikely to weaken.
“The current Russian government is unlikely to crack down on cybercrime for the foreseeable future beyond taking some limited steps to appease international demand,” the report said.
Russian intelligence began recruiting highly skilled computer programmers almost 30 years ago. After being arrested on suspicion of hacking-related crimes, several people testified that they were approached by people with ties to intelligence services, an activity that has continued in recent years, according to the report.
But beyond such coercive recruitment, some hackers voluntarily seek to support Russia’s strategic goals.
Among the most prominent is Dmitry Dokuchaev, according to the report. He is a former major in the FSB, the successor to the KGB and the main security and intelligence agency in Russia.
A criminal hacker specializing in credit card theft, he was hired by the FSB at least in 2010 and worked with them until 2016, according to US law enforcement.
In 2017, US prosecutors accused Mr. Dokuchaev of directing and paying criminal hackers. He and others are accused of accessing approximately 500 million Yahoo accounts for the purposes of espionage and personal gain.
Mr. Dokuchaev was also suspected in Moscow, and he was eventually arrested, accused of being a double agent for the United States. Mr. Dokuchaev was released from prison in May after serving just over four years of a six-year sentence.
The Recorded Future report suggests that except for some prosecutions of those who have targeted Russian entities, Moscow has done little to disrupt criminal hackers.
The report found: “The Kremlin’s silent response to cybercriminal activities originating within Russia has fostered an environment where cybercriminal organizations are well-organized businesses.”
Andrew E. Kramer contributed reporting from Moscow.