Hackers are used as a multifunctional political weapon in US-Russian relations.

Evil Corp, which also goes by the name REvil, is one of the largest multinational cybercrime networks and is notorious for stealing millions of dollars from bank accounts worldwide. The organization has been internationally recognized as one of the most dangerous and harmful hacking groups in the world. The group operates by mass-distributing phishing mail; opening it gives the hackers access to the users' confidential information. Evil Corp is pursued by international law enforcement, so far unsuccessfully. Since March 2021, in addition to the phishing attacks, Evil Corp has allegedly been performing ransomware attacks on various US companies, including Acer, JBS S.A., Invenergy, Kaseya, and others.

The US has been investing significant resources to identify those responsible for these attacks, and indeed, after each of these attacks, all the signs pointed to REvil or its affiliated structures. One of the key signs of recognition is the piece of code that validates that the targeted networks are not operating from Russia or CIS countries (former Soviet Union countries). The FBI has determined that Maxim Viktorovich Yakubets holds a leading position in the Evil Corp hacking group, as does his friend Turashev. In 2019, the FBI set a $5 million USD reward for any information leading to Yakubets's arrest. However, since he is in Russia, the US has no jurisdiction over him, and all attempts to get Yakubets arrested have failed. Yakubets is known in Russia for his connections with the FSB, the Russian intelligence service, and has occasionally been seen in Moscow driving his Lamborghini. Yakubets's connections, together with the severity of Evil Corp's attacks, point to clear ties between the Russian state and these hackers.

The background for these attacks is very important. As is known, in recent years the tension between the US and Russia has been escalating, with mutual cyber attacks and intelligence operations taking place. Some analysts claim that we are in a "cold war v2.0", and the countries' leaders admit that relations between the two countries are at their lowest point since the Cold War and the fall of the Soviet Union.

Aiming to reduce, at least a little, the rising tension between the two superpowers, the countries' leaders, Joe Biden and Vladimir Putin, held a meeting on June 16th, 2021, in Geneva, Switzerland. During these meetings, as President Biden himself admitted, an extensive portion of the time was devoted to cyber security issues and the cyber attacks that Russia has allegedly conducted. Both leaders agreed to keep certain infrastructure facilities off limits to attack by any means.

However, shortly after this meeting, within about two weeks, another two attacks took place: on July 2nd on the Kaseya desktop management service, and on July 7th on HX5, a Florida-based space and weapon launch technology company. Shortly after, on July 9th, Joe Biden called Vladimir Putin, making clear during their conversation that if no action were taken regarding the cyber attacks launched from Russian soil, there would be severe consequences for Russia. On July 13, all infrastructure associated with REvil, including its website, servers, and other cyber infrastructure, vanished. According to various sources, the decryption keys for the ransomware attacks were quietly transferred by the FSB to the US authorities.

According to Yuri Shvets, a former KGB agent who operated in the US during the 80s and is now an American intelligence analyst, a clear ultimatum regarding the cyber attacks was given to Putin during the meeting between Biden and Putin. However, since the attacks following their summit occurred anyway, Biden decided to call Putin once again, giving a very last warning before taking active measures, to be carried out by the Cyber Command in the Pentagon. As it turns out, this measure was effective, since REvil completely vanished from cyberspace 4 days after the call.

However, as Yuri Shvets analyzes it, the background for the latest attacks is clear. It is the rivalry between two Russian clans: Putin's and that of Mr. Nikolay Patrushev. Patrushev is the so-called "godfather" of the FSB, a former director of the FSB, and currently serves as Secretary of the Security Council of Russia, a consultative body of the President that works out his decisions on national security affairs. According to Yuri Shvets, Patrushev understands the stagnation of the country's regime and political elite, and hence is trying to destabilize the system from the inside. Performing such cyber attacks serves to discredit Putin's reputation, testifying that President Putin is no longer fully in charge and is a declining power.

As explained, REvil was wiped off the web in July, right after the conversation between the Russian and US leaders. However, in September, signs of the REvil hacker group's reappearance emerged. On Exploit, an infamous Darknet forum, REvil members showed signs of resuming their operations, reestablishing ties with their affiliates and claiming in writing that the group is back in business. On September 7th the hacker group's blog, "Happy Blog", was back online.

The rivalry between Russia and the US hasn't been this tense for decades, and neither has the internal situation in Russia. Hence, due to the unprecedented instability among all parties involved, the REvil hacking group's operations are an ongoing event whose outcome is not yet known. We will keep following the latest news on this topic and keep reporting the hottest developments in cyberspace between Russia and the US.