On Friday, a senior administration official said Russia had informed the United States of the arrest of hackers, including a person involved in a cyberattack on the Colonial Pipeline pipeline in May.
According to the Russian FSB, 14 potential group members were detained in Moscow, St. Petersburg and other cities.
On Friday, a court in Moscow arrested two of the detainees – Andrei Bessonov and Roman Muromsky.
The Colonial Pipeline hack, which became the largest cyberattack on oil infrastructure in U.S. history, has been attributed to the hacking group DarkSide, which develops extortion programs. The arrest of a REvil representative is likely to indicate a connection between these criminal groups.
In the summer of 2021, REvil hackers launched a large-scale campaign against the software vendor Kaseya, which affected more than 1,500 companies.
In November, the U.S. Department of Justice accused 22-year-old Yaroslav Vasinsky and 28-year-old Yevhen Polyanin of taking part in the attacks.
In addition to the Kaseya campaign, the REvil group also attacked a major meat supplier, JBS, in June, forcing it to close most of its beef plants in the United States.
REvil is most known for blackmailing Apple supplier Quanta for about $50 million. REvil had obtained schematics revealing the key details of the upcoming MacBook Pro designs about six months before they were launched by Apple. The attempt was unsuccessful as the company did not pay up the money.
“We expect Russia to prosecute, within its own system, these criminals for the data they created, for the fact that they did it – that is our expectation. And we expect them to stand trial,” A senior U.S. administration spokeswoman said.
Rare cooperation between the U.S. and Russia
Russia’s Federal Security Service said the arrests were made at the request of the United States, which is a rare case of cybersecurity coordination between the two countries.
Last year in Geneva, the Russian President Vladimir Putin and the U.S. President Joe Biden had created an expert group specializing in the fight against ransomware viruses. After that, Washington gave Moscow information about hackers in Russia who were suspected of carrying out “subversive attacks on critical U.S. infrastructure.”
The United States does not have an extradition treaty with Russia, but Washington expects Russia to “take legal action within its system” to bring the suspects to justice.
In November 2021, White House President Joe Biden said that U.S. law enforcement action against the hacker organization REvil was a confirmation for Russian President Vladimir Putin that the United States has serious intentions to fight cybercriminals.
The FBI said it had seized $ 600,000, 500,000 euros, 426 million rubles, computer equipment, cryptocurrencies used to commit cybercrime, and 20 cars bought with illegally obtained money.
“When I met with President Putin in June, I made it clear that the United States would take steps to bring cybercriminals to justice. That’s what we did today, “Biden said.
He said that the U.S. government would do everything possible to stop malicious cyber activity, increase the resilience of its own computer systems, and overcome the abuse of extortionists by virtual currency. In addition, the United States, together with international partners, will work to disrupt the ecosystem in which hacker groups exist and operate.
U.S. law enforcement agencies withdrew about $ 6 million from cryptocurrency accounts paid to REvil hackers as a ransom. In addition, the U.S. Treasury Department has imposed sanctions on two citizens of Russia and Ukraine and their cryptocurrencies for participating in the malicious cyber activities of the REvil group.
The U.S. State Department announced multimillion-dollar rewards for information that would lead to the leaders of the Russian-linked hacker group DarkSide, which acted against the United States and its allies.
100,000 fake emails from the FBI’s mail server
In the same month, unknown hackers sent at least 100,000 fake emails from the FBI’s mail server.
The hackers’ motives are unknown, and it is unclear how they gained access to the FBI’s email system, the agency and the Agency for Cyber Security and Infrastructure Protection said, declining to share more details.
A rather bizarre message sent to site administrators in the United States mentions writer Winnie Troy, who writes about cybersecurity, as well as a group of cybercriminals called the Dark Lord.
The hackers signed on behalf of the U.S. Department of Homeland Security’s cyber threat detection and analysis team, which has not existed for at least two years.
Cyber attack on U.S. National Rifle Association
In October 2021, hackers from the Grief group, which is linked to Russia, attacked the U.S. National Rifle Association (NRA), demanding money for not disseminating the stolen information. The gang had published several NRA files on the darknet site. The files relate to grants of the association. As per the media, the NRA had problems with email, which is a potential sign of an attack by extortionist programs.
The U.S. National Rifle Association is an influential non-profit organization that unites supporters of the right to carry and store weapons. It is closely associated with the interests of the Republican Party of the United States.
Why do hackers manage to escape punishment?
Cyber villains now feel at ease because no one will arrest them when they do not attack victims on their territory.
The head of Kaspersky Lab, Evgeny Kaspersky, speaking to the Russian media last year, said the cybercriminals commit crimes in a network where there are no borders. Police units operate only on their territory. And it is entirely ineffective to fight cybercrime with the help of disparate cyberpolice units. Even if the attackers are arrested, they will be immediately released in the courtroom.
As per Evgeny, the cooperation between different countries on cybersecurity issues was built over several years, and its peak was in 2015-2016. Then a rather successful joint police operation was carried out by Russia, the USA, and some European countries against the high-profile international cyber gang Carbanak. That is, it is technically possible to organize such cooperation, but then everything was destroyed – “geopolitics intervened in full.”
Evgeny also said that most of the hackers are Russian speaking as the English speaking hackers have been wiped out. The Russian hackers come from the same Soviet education system which has produced the best security experts.