Why did Putin Pwn Russian Hacking Group REvil?

Posted on 20 January 2022 | 27 January 2022 | By RiSec.n0tst3

The biggest name in cybercrime was taken completely offline courtesy of the FSB, the Russian secret service agency. It is quite a surprising plot twist, because over the past few years Russia has become a well-known safe haven for cybercriminals.

It’s become a bit of an unwritten rule that as long as Russian black hats didn’t target Russian citizens or Russian companies, and instead focused their money-making attacks on the rest of the world, usually with ransomware, they were largely allowed to exist by the Russian authorities. That was until one weekend in January 2022, when the REvil ransomware group was stung by Russian authorities, all caught on camera.

REvil members allegedly had their homes raided, and stacks of cash were seized as well as crypto wallets, which totalled millions of dollars. In a clip released by Russia, you see an REvil member answer a knock at the door only to be raided by police. In total, 14 members of REvil were arrested, Russia says, and these guys are supposedly responsible for some of the biggest cybercrimes in the entire history of the internet.

Some of REvil’s largest attacks include exfiltrating and leaking top-secret Apple schematics, hacking U.S. nuclear weapons contractors, the well-known Colonial Pipeline hack and, of course, the Kaseya ransomware attack, in which the hackers claimed to have ransomed a million computers. Notice how none of these hacks targeted Russians; if they had, the group would probably have been shut down a long, long time ago.

Why did Putin wait to take action?

The obvious questions are: why have the authorities waited until now to take action? How big of a deal is this, really?

Does this takedown signal the end of Russian cybercrime as we know it? Has Putin developed sympathies for U.S. companies falling prey to ransomware? Probably not. The best answer to the question of why probably goes beyond cybercrime: the running theory is that this is purely politically motivated. Russian relations with the U.S. have never been amazing, and at the moment they’re really not particularly good.

The fact that Putin has the ability to disarm these cybercrime gangs is a major card on the negotiation table with the U.S. These cyberattacks originating from Russian gangs are no joke. Take the Colonial hack, for example: a Russian cybercrime gang effectively shut down a major U.S. pipeline, causing fuel shortages and a run on gas stations in some U.S. states, through what is probably wilful neglect on the part of the Russians. Who knows, maybe it is top-tier strategy.

The reality is that this action is largely symbolic. Even before this takedown, REvil themselves had become largely irrelevant: after the monumental Kaseya ransomware attack, REvil disappeared. They did spring up again a few months later, but by disappearing they lost a lot of credibility in the cybercriminal underworld, and their affiliates weren’t happy. Some reported that REvil refused to pay them and just ran away with their cut. Things were so bad for REvil that this previously famous and respected cybercrime gang was forced to increase the share of commission they offered in a bid to even attract affiliates.

Affiliates are the ones who spread ransomware on behalf of a cybercrime gang. Usually, affiliates get 70-80% of the takings, but REvil had gone so far as to offer 90%. However, it turns out that in this reboot of their operations, they had restored from a backup which just so happens to have been compromised by the FBI, giving the bureau complete access to their infrastructure. The FBI then shut down their operations in October, making REvil’s return rather short-lived.

At the time of the Russian raids just days ago, REvil was no longer even operating. Sure, the arrests of the 14 REvil members take some experienced cybercriminals off the internet, but it was done more for theatre than anything else. Researchers undercover on various black hat forums confirmed that, in the words of Russian cybercriminals, REvil members were just pawns in a big political game.
