Google researchers say Russian intelligence services are using cybercriminals’ tools to keep their cash-strapped operations running.
Russian intelligence agencies are relying more on cybercriminal groups loyal to the Kremlin to support the country’s disruption campaigns in Ukraine, Google said in a new report.
« Russian intelligence services have increasingly leveraged pre-existing or new relationships with cybercriminal groups to advance national objectives and augment intelligence collection, » the researchers said in the report published Wednesday.
Criminal tools are often easily available on the dark web at a low cost, and thus much cheaper and faster-developing than malware and tools designed by intelligence services’ hacking groups themselves, the researchers at Google’s Threat Intelligence group said.
The report comes on the eve of the Munich Security Conference later this week, where cybersecurity officials will gather to discuss international efforts to defend countries against the growing barrage of cyberattacks, among other security issues.
The new research showed an increasingly blurred line between state-to-state cyber aggressions on the one hand and defending governments and industry organizations against cybercrime on the other. The latter has traditionally been seen as more financially motivated.
Other benefits are that it obfuscates who is behind a hack and that, if an operation using certain malware is discovered, the cost of developing a new tool does not fall with the intelligence agency, researchers said.
As an example, Russia’s notorious military intelligence hacking unit APT44 (also called Sandworm) has used tools acquired from cybercrime gangs to conduct espionage and disrupt Ukrainian war efforts since the beginning of the war in 2022, researchers said.
Crime gangs like CIGAR (also known as RomCom) were found to deploy ransomware to carry out undercover operations against the Ukrainian government, they added.
