May 24, Sleuthcon 2024 in Arlington, VA
Presented by Will Thomas
Will Thomas is a Cyber Threat Intelligence Researcher and Threat Hunter from Equinix, sharing his lessons learned from studying the unique dynamics between the Russian government and the underground world of Russian speakers.
Tune into this talk to learn about the intricate relationship of cybercriminals and state intelligence services, and Russia’s position as a hub for cybercrime campaigns. The combination of the low-income failing economy of Russia and their seemingly permissive stance on such activity, makes cybercrime a promising path for many.
Will provides a comprehensive exploration of Russia’s cybercrime ecosystem, unspoken agreements between criminals and the state, and the case studies that highlight the complexities of this intersection, and what implications it has on global cybersecurity. Through giving this talk he hopes to be able to help analysts and cybersecurity professionals to think deeper about intrusions, mitigate biases, and reshape the way we make connections.
Timestamps:
0:00 Introduction/about
00:47 Aim of the talk
01:22 Russia's long relationship with cybercrime
04:06 Cybercrime and Russia intelligence services
08:13 Case study (FSB and Andromeda Botnet)
09:06 FSB and The DaVinci Group
11:14 SVR and Infostealer Malware
12:19 SVR's vs. OSTs
14:03 GRU's Cybercrime Botnet/Crimeware/Forums
17:45 Cybercriminals targeting Ukraine
18:24 Current ransom war
18:48 Russian arrests
20:41 Conclusions
21:55 Further reading
