
Non-Western nations are increasingly relying on cybercriminals for intelligence and cyberwarfare operations.
A few countries, including Russia, are increasingly turning to cybercriminals to support their state goals, such as Russia’s war in Ukraine.
According to a report by Google Threat Intelligence Group (GTIG), this approach has several benefits for sponsoring states, including lower costs and increased deniability.
“Russian intelligence services have increasingly leveraged pre-existing or new relationships with cybercriminal groups to advance national objectives and augment intelligence collection. They have done so in particular since the beginning of Russia's full-scale invasion of Ukraine,” Google says in the report.
Cybercriminal gangs often purchase malware, credentials, or other key resources from illicit forums, which is usually cheaper than developing them in-house. Buying these resources also allows them to attract less notice.
The report discusses the activity of several Russian-sponsored groups, including UNC2589, Turla, APT29, and Conti, which have expressed public support for Russia.
Another group, APT44, has used criminally sourced tools and infrastructure as a source of disposable capabilities that can be operationalized on short notice without immediate links to its past operations sponsored by Russian military intelligence.
“Since Russia's full-scale invasion of Ukraine, APT44 has increased its use of such tooling, including malware such as DARKCRYSTALRAT (DCRAT), WARZONE, and RADTHIEF,” says Google in its blog post.
In one campaign, spear-phishing emails targeted a Ukrainian drone manufacturer and leveraged SMOKELOADER to load RADTHIEF.
While Russia is the country that has most frequently been identified as drawing on resources from criminal forums, it is not the only one. China and North Korea are also increasingly turning to cybercriminals.