Russia relies on hacker gangs to launch disruptive attacks against Western infrastructure, the Organized Crime and Corruption Reporting Project (OCCRP), an international investigative journalism organization specializing in organized crime, indicated on June 3.
“Russia makes agreements with different Russian cybercriminal groups […], in exchange for leniency on certain crimes, if they help it orchestrate disruptive campaigns and cause economic damage against U.S. and European organizations,” Víctor Ruíz, founder of the SILIKN cybersecurity center in Mexico, told Diálogo.
“Cybercriminal groups help the Kremlin to have a greater reach. In case they are detected or identified, Moscow can disassociate from them,” Ruíz added. “These groups are not only made up of Russian nationals but [of people] from other parts of the world. In addition, they recruit disgruntled employees to give them access to the systems of the organizations to be attacked.”
Cybersecurity authorities in Australia, Canada, the United States, New Zealand, and the United Kingdom warned in April that Moscow is exploring options for potential cyberattacks and urged critical infrastructure networks to prepare for and mitigate cyber threats, the Infrastructure Security and Cybersecurity Agency of the U.S. Department of Homeland Security said in a statement.
While the most destructive cyber weaponry will remain in Russia’s exclusive custody, there is “every incentive” for the Kremlin to mobilize criminal groups, OCCRP said. The involvement of these nongovernmental groups could escalate very quickly and cause unintended consequences, The New York Times reported.
The next step
“Initially the attacks were directly against [public and private] organizations in the West, but since many of these institutions are well protected, Moscow’s next step […] was to go against Latin American countries that don’t have as much control,” Ruíz said.
The attacks could paralyze the operations of critical infrastructure services such as drinking water, oil, electricity, and food supply chains, Ruíz said. According to OCCRP, cyberattacks against the energy sector would result in loss of life, as well as significant damage to property and the environment.
Costa Rica and Peru
In April, the Russian criminal ransomware gang Conti, which encrypts information for ransom, attacked several high-profile public and private institutions in Costa Rica, the Costa Rica Hoy newspaper reported. Simultaneously, Conti, operating under the Kremlin’s protection, attacked Peru’s General Intelligence Directorate, the Mexican cybersecurity news site Cibertip reported.
“Before the end of 2022, several governments in Latin America could suffer attacks such as in Costa Rica and Peru,” Ruíz added. Mexico, Brazil, Peru, and Colombia are the countries in the region facing the most cyber threats.
For ransomware victims, an incident represents economic losses as operations are halted for days or weeks, Chilean digital business news site BN Américas reported.
These groups of cybercriminals “are organized crime. They are very well coordinated, share resources and stolen information with other cybercriminal cells, and form new groups after attacking,” Ruíz said. “The Kremlin is going after cryptocurrencies, which are difficult to track; it will attack the wallets of companies, normal users, and governments.”