REvil Bust: Is Russian Cybercrime Crackdown Just A Decoy From Ukraine?

This weekend’s unprecedented operation to dismantle the cybercriminal REvil network in Russia was carried out at the request of, and with information from, Washington. That it occurred just as the two countries face off over the Russian threat to invade Ukraine raises more questions than it answers.


Cameron Manley

The world’s attention was gripped last week by the rising risk of war at the Russia-Ukraine border, and what some have called the worst breakdown in relations between Moscow and Washington since the end of the Cold War. Yet by the end of the week, another major story was unfolding more quietly across Russia that may shed light on the high-stakes geopolitical maneuvering.

By Friday night, Russian security forces had raided 25 addresses in St. Petersburg, Moscow and several other regions south of the capital in an operation to dismantle the notorious REvil group, accused of some of the worst cyberattacks in recent years to hit targets in the U.S. and elsewhere in the West.

And by Saturday, Russian online media Interfax was reporting that Russia's FSB intelligence service had revealed that it had in fact been the U.S. authorities who had informed Russia “about the leaders of the criminal community and their involvement in attacks on the information resources of foreign high-tech companies.”


The Russian authorities’ seizure of more than $5 million in U.S. currency, euros, bitcoin and roubles, as well as computer equipment and 20 luxury cars, was initiated following a request and information coming directly from Washington.

What does it mean that this development came just on the heels of the breakdown in talks between Presidents Joe Biden and Vladimir Putin? Is the timing mere coincidence or was Moscow sending a veiled message with this unlikely cooperation? What should we know about the importance of cybersecurity as both an international priority and a potential bargaining chip?


REvil is not new to the international scene, though it dropped off the radar after Habr reported in July of last year that the group had carried out a cyber-attack on U.S. tech firm Kaseya, the consequences of which ricocheted around the world, impacting some 1,500 businesses in at least 17 countries.

The FBI also blamed REvil for the attack on JBS USA, a major global meat supplier, with JBS ultimately paying the hackers a hefty $11 million ransom. The ransom demand, according to the US authorities at the time, "came from a criminal organization, probably based in Russia." Ransomware made by REvil was also likely to have been used in the hacking of the U.S. Colonial Pipeline system, the company added, which led to widespread gas shortages on the East Coast of the United States.

Talks in prior months between Biden and Putin have touched on the topic of cybersecurity, with the former accusing his Russian counterpart of doing little to address the problem within his own borders. Following the attack last July, he called on Putin to take all necessary measures to stem these issues; otherwise, the U.S. would be prepared to shoulder the responsibility itself.


Combatting hackers and cybercrime

So what should we make of the operations this past weekend? Was it a sign that Moscow is ready to crack down on cybercriminals inside Russia? Or is its decision to act now linked to the showdown over NATO and the Ukraine border? The BBC Russian Service also reports Washington’s concern that REvil may in fact be linked to the Russian government itself, asking whether these actions represent nothing more than a move on the part of the Kremlin to cover its own back.

One anonymous U.S. official quoted by the AFP news agency, nonetheless, praised the arrests, saying: “I don’t speak for the Kremlin’s motives, but we’re pleased with these initial actions.”

The hope among Western law enforcement officials is that the move is ultimately not linked to the current geopolitical standoff, and that Russia has simply taken a decisive first step towards a full-scale crackdown on the other ransomware groups operating within its borders.


The arrests constitute an unprecedented public acknowledgment of the existence of cyber-attackers within Russia, also sending a strong message to other Russian hackers that the party is well and truly over.

Yet there is the risk that the operation is ultimately a decoy in the larger battle brewing with the West. The timing, following the failed Biden-Putin negotiations, seems aimed at reminding Washington that such potential cooperation would cease if the United States and its allies impose new harsher sanctions in the event of a Russian invasion of Ukraine.

Combating hackers and cybercrime is crucial for both international security and commerce, and Moscow stands in the middle of it. Indeed, on Sunday, Kyiv blamed Russia for another cyber-attack that knocked out key Ukrainian government websites last week.

In strategic terms, the dismantling of REvil was carrot and stick all at once.
