Crime and punishment?

Yesterday saw the conclusion of one of the most notorious cybercrime cases in Russia over the past few years.

Kaspersky Lab didn’t take part in this case, although of course we followed it with interest.

The case was investigated over two years; the amount of time taken did give rise to the thought that maybe the investigators were having some problems. We’ve got used to the fact that in Russia, the vast majority of cyber crime cases never make it to court, and those that do end up with conditional sentences and fines.

Yesterday’s sentence shocked us. 8 years in jail. Article 273 (creating and distributing malicious programs for computers) of the Criminal Code of the Russian Federation prescribes from 3 to 7 years imprisonment for crimes committed as part of a group. Clearly, the defendants were sentenced in accordance with Article 163 (extortion, sentence from 7 to 15 years imprisonment).

DoS attacks were the scourge of the Internet between 2002 and 2004. However, we’ve noticed a real drop in the number of attacks, and it could be said that this type of cyber crime is already pretty much extinct.

The zombie networks used to conduct this type of attack haven’t gone away. It’s just that cyber criminals have found more profitable and less risky ways to use these networks: sending spam, spreading adware, and stealing users’ personal data. Zombie networks are causing far more damage to far more people than they ever did when they were being used to conduct DoS attacks.

The script kiddies who conduct DoS attacks are on the lowest rung of the cyber crime ladder. The ‘real’ cyber criminals work in a much more subtle manner, putting them currently beyond the notice of law enforcement bodies.

The sentence given yesterday in Saratov is clearly designed to demonstrate to the West that Russia is battling against cybercrime, and is capable of working closely and successfully with agencies in other countries. This is the first time a cyber crime trial in Russia has resulted in a real prison sentence.

We can only hope that in future the Russian law enforcement bodies won’t just be involved in widely publicized cases, but will also be able to react quickly and professionally to any type of cyber crime.
