Russian-speaking groups from the former Soviet Union are leading the way in cybercrime in the world of cryptocurrency, according to a recent report by TRM Labs. These threat actors are involved in various types of crypto-related crimes, including ransomware attacks, illegal crypto exchanges, and darknet markets.
The report highlights that ransomware groups who speak Russian were responsible for a significant portion of ransomware earnings in 2023, making up at least 69% of the total earnings, which amounted to over $500 million.
TRM Labs specifically pointed out two major players in the crypto crime world – Lockbit and ALPHV/Black Cat, both of which are Russian-speaking groups. Together, they generated a combined revenue of at least $320 million from their illicit activities in 2023.
Furthermore, Russian-language darknet markets (DNMs) are dominating the dark web drug sales conducted in cryptocurrency, accounting for 95% of all such transactions globally. These DNMs serve as platforms for the illegal trade of drugs, utilizing various technologies to maintain anonymity and facilitate transactions.
The report also shed light on Garantex, a crypto exchange based in Russia that was sanctioned by OFAC in April 2022. Despite the sanctions, Garantex managed to handle 82% of the crypto volumes associated with all sanctioned entities worldwide in 2023. This included transactions involving Russian actors sending crypto to sanctioned Chinese manufacturers for military equipment and components used in the conflict in Ukraine.
According to TRM Labs, over $85 million has been sent to wallets linked to Russian and Chinese entities involved in the manufacturing, transport, and sale of military equipment and components since 2021. This volume is expected to increase as more entities are identified, and it may also involve transactions unrelated to the war effort, as part of broader cross-border trade between Russia and China settled in cryptocurrency.
The report highlighted the connections some Russian-speaking threat actors have to the Kremlin and their use of cryptocurrency to procure foreign equipment for the Russian war efforts. Over the past three years, millions of dollars have been funneled into wallets used by Russian and Chinese entities involved in such procurement and cross-border trade.
In conclusion, the dominance of Russian-speaking groups in the world of crypto-related cybercrime poses significant challenges for law enforcement and regulatory authorities. The evolving nature of these threats requires ongoing vigilance and collaboration at both national and international levels to combat illicit activities in the cryptocurrency space.