
How Russian cybercrime has changed during the war in Ukraine

Russia's cybercrime underground is starting to recover from the disruptions caused during the ongoing war, which could spell bad news for U.S. companies, experts told Axios.

The big picture: Before the war started, some still hoped Russian President Vladimir Putin might crack down on the deluge of ransomware gangs in his country.


Why it matters: The war has killed off any incentive Putin may have had to stop cybercrime operations from targeting Western organizations.

  • Instead, given the lax relationship between Russian state-sponsored hacking groups and cybercrime gangs in the country, Putin has more reason to spur them on.

Flashback: When the war started, factions formed within cybercrime forums between those who supported Russia's war and those who stood with Ukraine.

  • A prime example of this was when a Ukrainian member of the Conti ransomware gang leaked its internal files after the group pledged allegiance to Russia.
  • Many Russian hackers fled to neighboring countries to avoid the military draft, according to a report from Recorded Future released this morning.

What's happening: Initial slowdowns in the Russian cybercrime underground have proven to be only blips, experts told Axios.

  • "There's still plenty of them that have got their operations back running and are conducting crime again," Mandiant's Hultquist said.
  • Hultquist said several Russian state-sponsored hackers have also been purchasing initial access to an organization from cybercriminal groups.

Between the lines: Even Russian cybercriminals who have fled their country to avoid the draft are seemingly starting to deploy ransomware attacks, Thanos said.

  • Thanos' organization, Arctic Wolf, has seen an uptick in so-called anonymous attacks, where a solo actor attacks an organization, never claims public responsibility for the attack, and demands a small payout to decrypt the files.

The intrigue: By enabling cybercrime gangs, the Russian government can claim it wasn't responsible for any of the groups' attacks while reaping the benefits of seeing Western organizations hindered.

