WASHINGTON – Moscow’s intelligence services have influence over Russian criminal ransomware groups and have a broad understanding of their activities, but they do not control the organizations’ targets.
Large ransomware attacks against high-profile American critical infrastructure attributed to Russian criminal groups have subsided, at least for now, a break that reflects Moscow’s ability to partially investigate criminal networks operating in the country, some U.S. officials said.
But the ransomware group REvil, which disappeared after the summer attacks, appears to have returned to the dark web this week and reactivated the victim portal used to make payments.
While the attacks have subsided, “it is a reasonable condition” that criminal networks are looking for clues from the Russian government on how they can resume their attacks, said Chris Inglis, national cyber director.
“I wonder if it will make a difference whether Vladimir Putin and others who have the ability to enforce the law, international law, will make sure they don’t come back,” Mr. Inglis said during an event organized by the Reagan Institute on Thursday. “But it’s too early to say that we’re out of the woods in this matter.”
The report, by the cybersecurity company Recorded Future, supports the assessment of American officials who have said that Russia does not directly tell groups what to do but is aware of their activities and has influence over them. Some U.S. officials said Russian intelligence agencies recruit talent from both groups and may set some limits on their activities.
The report found that Russian intelligence officials have long had ties to criminal groups. “In some cases, it is almost certain that the intelligence services maintain established and orderly relationships with criminal intimidators.”
In recent months, Recorded Future has also published interviews with Russian hackers involved in ransomware attacks against the United States.
The Russian government’s relationship with criminal hackers is different from that of other rival powers, such as China or North Korea.
Justice Department officials have accused the Chinese government of recruiting some criminal hacking gangs operating in its territory. In turn, China’s intelligence services allow criminal groups to attack American businesses.
China’s control over its hackers is similar to the kind of tight restrictions it places on society, business and its propaganda efforts.
But the Russian government’s approach is different. According to U.S. government officials, Moscow allows oligarchs and criminal groups to pursue their own plans as long as they do not challenge the Kremlin and are, in general, working toward President Vladimir V. Putin’s goals.
As a result, Russian control of hackers is often loose, which gives Mr. Putin and other Russian officials a degree of deniability. But the risk is that criminal groups could go too far, provoking a strong response from the United States, U.S. officials said. Mr. Putin’s strategy of choice is to allow hacking to cause trouble for the United States, but also to end the international crisis.
Christopher Ahlberg, chief executive of Recorded Future, said that people in the government do not instruct the groups on whom to hack, but that there is a really interesting connective tissue between the government and criminal networks in the long run.
Russia’s Federal Security Service, an intelligence agency known as the FSB, has cracked down on hackers specializing in ransomware, Deputy Assistant Attorney General Richard W. Downing told a Senate hearing in July.
“As we know, Russia has a long history of ignoring cybercrime within its borders until criminals become victims of non-Russians,” Mr. Downing said.
The Russian government gives hackers a measure of security, and in return, it occasionally taps their skills, and a portion of the money earned by ransomware groups flows to officials, Mr. Ahlberg said.
Experts from Recorded Future and U.S. government officials argued that the Biden administration’s pressure on Russia to control the criminal groups that attacked Colonial Pipeline, a major U.S. energy provider, in May, and other companies, has at least put Mr. Putin on the defensive.
But Mr. Ahlberg said the temptation of large returns from ransomware attacks can be very difficult to ignore in the long run.
DarkSide, a Russian hacking group whose breach of Colonial Pipeline caused a shortage of gasoline on the East Coast, soon dissolved under pressure from American and Russian officials. Recorded Future experts believe the group’s members are reactivating.
“Once you make 500 million and it’s fairly easy to make, you’ll keep doing it,” Mr. Ahlberg said.
The report concludes that the long-running relationship between criminal hackers and Russian intelligence services is unlikely to weaken.
“Apart from taking some limited measures to meet international demand, the current Russian government is unlikely to crack down on cybercrime in the near future,” the report said.
Russian intelligence began recruiting skilled computer programmers about 30 years ago. After being arrested on suspicion of hacking-related crimes, some claimed they were approached by people connected to the intelligence services, a practice that has continued in recent years.
But in addition to such tremendous recruitment, some hackers want to voluntarily support Russian strategic targets.
Among the most prominent is Dmitry Dokuchev, according to the report. He is a former chief in the FSB, a successor to the KGB and the main security and intelligence agency in Russia.
According to American law enforcement, the criminal hacker, who specializes in stolen credit cards, was hired by the FSB at least until 2010 and worked with them until 2016.
In 2017, American prosecutors charged Mr. Dokuchev with directing and paying criminal hackers. He and others were charged with espionage and gaining access to about 500 million Yahoo accounts for personal gain.
Mr. Dokuchev also came under suspicion in Moscow, and was eventually arrested on charges of being a double agent for the United States. Mr. Dokuchev was released from prison in May after serving just four years of his six-year sentence.
The Recorded Future report argued that with the exception of a few actions by people targeting Russian institutions, Moscow has done little to deter criminal hackers.
“The Kremlin’s muted response to cybercriminal activities originating within Russia has nurtured an environment where cybercriminal organizations are well-organized enterprises,” the report said.
Andrew E. Kramer contributed reporting from Moscow.