Hacker attack on Kaseya: where is the Russian trace hidden?

Sergey Kron

The FBI leadership urgently reported on the cyberattack to US President Joe Biden, who demanded that the special services conduct a thorough investigation. But not so long ago, at a meeting with Vladimir Putin, he tried to convince the Russian president to take measures to combat cybercrime. Biden even slipped a memo to Putin at a meeting in Geneva. And there are 16 most important sectors in it, from energy to water supply, where Russian hackers should not meddle.

A few hours later. Biden said: "And yet we are not sure if they are Russians".

A spokesman for the Russian president said Washington has not yet sent inquiries to the Kremlin in connection with the attack on Kaseya. "The topic of hacker attacks, in which the West blames Russia, could become the subject of discussion at bilateral consultations between the Russian Federation and the United States", - said Peskov.

By the way, the most high-profile incident in recent years was the hacking of SolarWinds servers, which became known in December 2020. In the media, it was dubbed the largest cyber attack on US government structures in the past five years. The attackers managed to gain access to the systems of the US Treasury, the National Telecommunications and Information Administration, the State Department and the Pentagon. Among the victims are such IT giants as Microsoft, Cisco, Intel, FireEye. In total, according to the White House, the security of about 16 thousand computers of state and commercial organizations were under threat. Hackers working for the Russian Foreign Intelligence Service were accused of this.

Meanwhile, US intelligence agencies have identified the alleged Russian hackers as belonging to the REvil group, which attacked the North American and Australian subsidiaries of the world's largest meat producer JBS in late May. Then in the USA all 40 factories of the company were suspended. In addition, JBS had to completely stop slaughtering in Australia and cancel shifts at the Canadian plant, which processes up to 4.2 thousand head of livestock per day. In the end, JBS admitted that it paid the bandits a ransom of $ 11 million.

One of the largest ransomware cyberattacks in history has blocked the work of several thousand different companies around the world. For example, in Germany from the REvil attack, according to the Federal Office for Security in the field of information technology, the work of tens of thousands of computers is blocked.

In Sweden, hackers paralyzed the Coop grocery store chain: eight hundred of its outlets did not work for several days due to the fact that criminals “cut down” all the company's cash registers.

The American company BreachQuest, which helps fight ransomware, said that among the victims were a school and a company, from which they demanded a ransom in the amount of 45 thousand dollars.

REvil hacked Kaseya's VSA toolkit and installed a malicious update that affected thousands of the American firm's customers. Hackers have blocked entire accounting systems by encrypting data.

The cyberattack was recorded in the UK, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and even Kenya.

The bandits demanded a ransom in the amount of $ 70 million for unlocking the data encrypted as a result of the hacking.

According to Bloomberg, the REvil hackers may have ties to Russia. Thus, a representative of the group, known under the nickname UNKN, publishes materials only in Russian, the agency points out. The fact that the group consists mainly of Russian-speaking hackers, and is believed to be based on the territory of the former USSR, was also reported by CNBC. At the same time, a representative of the Group-IB Computer Forensics Laboratory explained to Novye Izvestia that if REvil speaks Russian, this does not mean at all that the hackers are Russian. In addition, at present, no one has any evidence of their involvement in pro-government hacker groups.

“Cybercrime can only be defeated by the whole world, but geopolitics is hindering this”, - says Yevgeny Kaspersky , one of the world's leading IT security experts, head of Kaspersky Lab.

In an interview with RIA Novosti, he said that he started talking about cooperation between countries on cyber security issues since 2003, because even then it became clear that this is a very serious problem. Cybercriminals commit crimes on a network that has no borders. Police units operate only on their own territory. And it is completely ineffective to fight cybercrime with the forces of disunited cyber police units.

“The most vicious, the most professional hackers speak Russian”, - said Yevgeny Kaspersky. - But there is cybercrime, and there is cyber espionage, there are criminals, and there are hackers who work for the state. We cannot specify exactly which country the attack came from, but we can guess, for example, by the language. Sometimes there are lines of code, all sorts of typos, and then we can figure out what language they speak. The most professional, most aggressive espionage attacks are carried out by those who speak English, Russian and Chinese. Among the hackers there are Chinese, Spanish, Portuguese, Turks, Russians. That is, all languages are there, including broken English. But most of the time, common cybercriminals speak Chinese and Latin American Spanish.

- If we talk about the most professional cybercriminal gangs, they almost all speak Russian. Why? Because the best programmers in the world also speak Russian. The Soviet, Russian education system generates the most intelligent programmers in large numbers. The most vicious cybercriminals graduated from the same universities as the most professional programmers who work on the bright side.

It is understandable why they talk about Russian hackers - because they are the most advanced and technically equipped. In doing so, they sometimes create international gangs in which representatives of other language groups participate. I am not talking about the citizens of Russia, I am talking about the Russian speakers, although the majority of Russian citizens are there. In international gangs created by Russian-speaking hackers, they do all the technical stuffing, and all other members perform other functions.

I have no information that could somehow point to the Russian state, the Kremlin and confirm that it is they who are behind the criminal structures, - said Kaspersky.

President Vladimir Putin told reporters after a summit with US President Joe Biden that Washington and Moscow had agreed to begin consultations on cybersecurity. He added that the parties should discard all attack conspiracy theories that continue to be imposed by opponents of Russian foreign policy.