The war in Ukraine has many consequences. One is a minor revolution in the world of cybercrime.
As the Ukrainian front appears to be stabilizing, new players are entering this war with Russia: Russian cybercriminals. The latter have decided to join the Kremlin’s forces, taking an oath of allegiance on forums frequented by hackers. The most eloquent is that of Kilmini, leader of Killnet, who calls for the creation of a veritable cyber army of volunteers for the defense of the “motherland”. This rapprochement between hackers and Russian authorities seems voluntary, but a takeover of the cybercriminal world by the Kremlin cannot be ruled out. This could foreshadow an imminent strengthening of the cyber war caused by the invasion of Ukraine.
Because groups of Russian cyber criminals are feared all over the world, be it Conti, Killnet, Lockbit or Ragnar Locker. These groups have specializations and are therefore complementary in attacking targets designated by the Kremlin. Conti is in favor of ransomware and has, for example, put the oil tanker Shell on his list. Killnet is a specialist in Dos and DDOS attacks. This is the youngest group as it was completely reorganized by leader Kilmini, who broke away from the less patriotic members. Lockbit has the particularity of renting out its ransomware to the highest bidders. Ragnar Locker is also a ransomware specialist, but guards his product jealously.
Killnet leader Kilmini calls for the creation of a cyber army of volunteers to defend the “motherland”
These groups have very different organizational patterns. If Killnet and Ragnar Locker operate on a pyramid scheme, Conti has an organization similar to that of a terrorist group, with a system of autonomous cells that are independent of each other. Lockbit, praising his creations, has another pattern; it is very difficult to confirm whether an attack with his program is his own unless he promotes it on specialized sites.
Killnet has already announced that it wants to target arms companies coming to the aid of Ukraine. The first of their victims is gunsmith Lockheed Martin, who supplies the terrifying Javelin missiles to the Kiev and Himra army. These rocket launchers have already taken a heavy toll on the Russian military. Ragnar Locker has decided to focus on the gas and energy sector, the Achilles heel of the European Union. On August 23, the Greek gas group Desfa announced that it had been the victim of a cyber attack. This would have damaged some of its systems and there are concerns about possible data breaches. An attack that is all the more targeted because this group is responsible for managing part of the future gas pipeline connecting the EU to Azerbaijan. Lockbit, for its part, seems to be blindly attacking any Western organization without any real strategy: so it could be the cause of the cyber attack on Corbeil-Essonnes hospital.
But why would the Kremlin, which prides itself on having one of the best cyber armies in the world, need the help of these groups? For starters, they have a lot of experience in the field of hacking. They do not need to be compensated, because like modern hijackers, they find their reward through the ransom demanded from their victims. Result: its use costs the Russian state absolutely nothing. In addition, they are replaceable pawns for the Kremlin; if a western state launches an operation against these groups, it will not affect Russian power. Moreover, since these groups are not officially affiliated with the military, if any of them go too far, the Kremlin will simply have to deny any affiliation with them.
Another Kremlin interest in recruiting these groups is keeping the cybercriminal world in check. In fact, this environment has always benefited from support within Muscovite power circles, but the desire to involve them permanently in this power is new. Russian rulers want to reproduce what they did to the country’s criminal world in the 90s. A voluntary or forced rein! Behind the re-establishment of a cyber army, the Kremlin is only expanding its hold on Russian society.
Admission of weakness
But wouldn’t the recruitment of these groups be an acknowledgment of the weakness of the Russian armed forces? According to a report by the US Congress, the Russian cyber army is divided into three units. The first would be under the auspices of the GRU (Military Intelligence), the second would obey the SVR (External Intelligence), and the latter would respond to FSB (Internal Intelligence and Counterintelligence) directives. But they would suffer the same evils as their classic army counterparts: units in bad shape and whose combat power would be vastly overestimated. As a result, the Kremlin, like their sister units in the regular army, must find armed forces to fill their gaps. For the conventional army it is the Wagner Group mercenaries and the volunteer battalions, for the cyber army it is the cybercriminal groups.
As a result, the Kremlin’s recruitment of these criminals offers her multiple benefits. To see in the long run whether these groups are unlikely to regret their oath of allegiance. Because they can serve as cannon fodder and suffer heavy losses, like their Wagner comrades who pay a high price on the Ukrainian front
- when hackers go to war with each other
- developers and franchisees”
- In Russia, Anonymous declares war on a group of pro-Putin hackers
- what impact for subscribers?
- PLAY claims the cyber attack that hit the Alpes-Maritimes