Russia Influences Hackers but Stops Short of Directing Them, Report Says


WASHINGTON — Moscow’s intelligence services have influence over Russian ransomware groups and broad insight into their activities, but they do not control the organizations’ targets, according to a report released on Thursday.

Some U.S. officials have said there is a lull in major ransomware attacks on high-profile American critical infrastructure attributed to Russian criminal groups, at least for now – a pause that reflects Moscow’s ability to partially control the criminal networks operating in the country.

But REvil, a ransomware group that disappeared after attacks over the summer, returned to the dark web this week and reactivated a portal victims used to make payments.

National cyber director Chris Inglis said it’s a “fair bet” that although attacks have dwindled, criminal networks are seeking signals from the Russian government on how they can restart their attacks.

“I think what will make the difference is whether they can ensure that Vladimir Putin and others with the ability to enforce the law, international law, do not return,” Mr. Inglis said on Thursday during an event hosted by the Reagan Institute. “But it’s too soon to say we’re out of the woods on this one.”

The report, by cybersecurity firm Recorded Future, supports the assessments of US officials, who say Russia has not directly told the groups what to do, but is aware of their activities and has influence. Some American officials said that Russian intelligence agencies both collect talent from the groups and may impose some limitations on their activities.

According to the report, Russian intelligence officials have longstanding ties to criminal groups. “In some cases, it is almost certain that intelligence services maintain an established and systematic relationship with criminal threat actors,” the report said.

In recent months, Recorded Future has also published an interview with Russian hackers involved in ransomware attacks against the US.

The Russian government’s relationship with criminal hackers is different from that of other hostile powers like China or North Korea.

Ministry of Justice officials have accused the Chinese government of exercising control over some criminal gangs that operate on its territory by directing them to fulfill duties. In turn, Chinese intelligence services are giving criminal groups the opportunity to attack American businesses.

China’s control over hackers is similar to the tight restrictions it imposes on society, business, and propaganda efforts.

But the Russian government has a different approach. According to American government officials, Moscow allows oligarchs and criminal groups to pursue their own plans as long as they do not challenge the Kremlin and generally work towards the goals of President Vladimir V. Putin.

As a result, Russia’s control over hackers is generally looser, giving Mr. Putin and other Russian officials a degree of deniability. But U.S. officials said there was a risk that criminal groups would go too far, drawing a strong response from the United States. Mr. Putin’s preferred strategy is to allow hacks that cause problems for the United States, but stop short of setting off an international crisis.

“Government officials don’t give instructions on who gets hacked, but there’s been a really interesting connective tissue between government and criminal networks over a long period of time,” said Christopher Ahlberg, CEO of Recorded Future.

Russia’s Federal Security Service, the intelligence agency known as the FSB, has trained hackers specializing in ransomware, deputy attorney general Richard W. Downing said at a Senate hearing in July.

“As we know, Russia has a long history of ignoring cybercrime within its borders as long as criminals victimize non-Russians,” Mr. Downing said.

Mr. Ahlberg said the Russian government has given hackers some protection, in return occasionally tapping into their expertise and passing some of the money the ransomware groups make to the authorities.

Recorded Future experts and U.S. government officials argued in May that the Biden administration’s pressure on Russia to control the criminal groups that attacked a major U.S. energy supplier, Colonial Pipeline, and other companies had at least put Mr. Putin on the defensive.

But Mr Ahlberg said the lure of huge returns from ransomware attacks could be too hard to ignore in the long run.

The Russian hacking group DarkSide, which breached Colonial Pipeline and caused gas shortages on the East Coast, soon disbanded under pressure from American and Russian officials. Recorded Future experts believe that members of the group have become active again.

“Once you make 500 million and it’s pretty easy to do, you’re going to keep doing it,” Mr. Ahlberg said.

The report concludes that the longstanding relationship between criminal hackers and Russian intelligence services is unlikely to weaken.

“The current Russian government is not expected to crack down on cybercrime in the near future, beyond taking some limited steps to appease international demands,” the report said.

Russian intelligence began recruiting talented computer programmers about 30 years ago. According to the report, some claimed that people with ties to intelligence services approached them after they were arrested on suspicion of hacking-related crimes, a practice that has continued in recent years.

But in addition to such forced recruitment, some hackers voluntarily try to support Russia’s strategic goals.

Among the most prominent, according to the report, is Dmitry Dokuchaev, a former major in the FSB, the successor to the KGB and the main security and intelligence agency in Russia.

A criminal hacker specializing in stolen credit cards, he was hired by the FSB until at least 2010 and worked with them until 2016, according to American law enforcement.

In 2017, American prosecutors charged Mr. Dokuchaev with managing and paying criminal hackers. He and others were charged with gaining access to nearly 500 million Yahoo accounts for both espionage and personal gain.

Mr. Dokuchaev came under suspicion in Moscow and was eventually arrested, accused of being a double agent for the United States. He was reported to have been released from prison in May, after serving just four years of his six-year sentence.

Other than prosecuting several individuals who targeted Russian assets, Moscow has done little to thwart criminal hackers, according to the Recorded Future report.

“The Kremlin’s silent response to cybercrime activities originating from Russia has nurtured an environment in which cybercriminals are well-organized initiatives,” the report said.

Andrew E. Kramer contributed reporting from Moscow.
