Hacker Accuses Russian Government of Involvement in Kaseya Cyber-Assault
A new investigation, published on August 9 in the Ransomware Diaries Volume 7 report, sheds light on the Kaseya supply chain attack of July 2021. The investigation, led by Jon DiMaggio, chief security strategist at Analyst1, draws on the account of Yaroslav Vasinskyi, a former affiliate of the REvil ransomware syndicate, and details the role he says he played in the attack.
Vasinskyi, who is currently serving a sentence of over 13 years in US federal prison at FCI Danbury, Connecticut, claimed that REvil has ties to the Russian government and that the people who blackmailed him were likely from Kremlin-linked government institutions. These claims remain uncorroborated: nothing publicly available identifies a high-ranking Russian government official as having taken part in the attack.
According to the report, the Kaseya attack was a three-party operation: REvil supplied the ransomware, Vasinskyi acted as the technical lead, and a third party, the state-level handlers who had coerced him, carried out the execution. Vasinskyi prepared the attack himself, from initial access through to testing the final payload. He describes his handlers as more powerful than REvil's own government-linked associates, which he takes as a sign of entanglement with high-ranking figures.
Vasinskyi says he deliberately left evidence that he was not the one executing the attack: he sent a letter to the FBI, put his conversations with the handlers on speakerphone, and showed his face to CCTV cameras. During his DEF CON talk, DiMaggio noted that Vasinskyi did not appear to have lied about any of the claims the researcher was able to test.
Vasinskyi started working for REvil in early 2019 after being recruited by a member of the group known as 'Lalartu.' He attempted to leave REvil several times for moral reasons, but was blackmailed into preparing the Kaseya attack before he was allowed to go. While working with REvil he operated out of Poland, with a few trips to Ukraine.
In the report's assessment, the Kaseya attack was not primarily about extortion but about disruption: crippling downstream systems, collecting intelligence, and gaining access to critical infrastructure. Vasinskyi's claim that he was coerced by the Russian government adds another layer of complexity to an already intricate investigation.
One theory circulating on Russian cybercrime forums held that UNKN, the handle used by REvil's public-facing leader, was Aleksandr Ermakov, a former Russian police officer. Vasinskyi disputed this, believing that two people controlled the UNKN account: Ermakov, who took orders, and a second person who gave them. The true leader, according to Vasinskyi, remains "Unknown."
The investigation offers a rare inside view of the relationships between ransomware operators, their affiliates, and the government actors alleged to stand behind them. Defenders assessing supply chain risk should treat such attacks as potentially state-directed operations aimed at disruption and access, not merely as criminal extortion.