July 26, 2024 at 10:30AM
Russian-speaking threat actors accounted for over two-thirds, surpassing $500 million, of all ransomware crypto proceeds in the previous year, according to TRM Labs. North Korea leads in cryptocurrency theft, with Asia leading in scams and fraud. Russians dominate in malicious crypto activities, encompassing cybercrime, illicit exchanges, and darknet markets.
From the provided meeting notes, it is clear that Russian-speaking threat actors have been significantly involved in cybercrime, particularly in the realm of cryptocurrency-related illicit activities. Here is a summary of the key points:
1. Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware, exceeding $500,000,000 in the previous year. They dominate various types of crypto-enabled cybercrime, including ransomware, illicit crypto exchanges, and darknet markets.
2. North Korea stands out as a leader in stealing cryptocurrency through exploits and breaches, having stolen over a billion dollars in 2023. Asia is also reported to be the leader in scams and investment fraud.
3. TRM Labs, a blockchain intelligence and analytics firm, reported that Russian-language darknet markets accounted for 95% of all sales of illicit items and services globally in 2023. The three largest Russian dark web markets recorded $1.4 billion in transactions, significantly surpassing Western markets.
4. Russia is also dominant in money laundering, with the Russia-based Garantex alone accounting for 82% of cryptocurrency handled by sanctioned entities worldwide.
5. TRM noted that some of the cryptocurrency volume represented funds sent by Russian-speaking actors to sanctioned Chinese manufacturers to purchase military equipment and critical components used by Russian forces in Ukraine.
6. The firm believes that skilled Russians are drawn toward cybercrime due to historical, regulatory, and normative factors and that the political isolation of Russia from the Western world has exacerbated the challenges of tracking, disrupting, and arresting Russian cybercriminals.
Overall, the meeting notes emphasize the significant involvement of Russian-speaking threat actors in cybercrime, particularly in the context of cryptocurrency-related illicit activities. This involvement spans ransomware, darknet markets, and money laundering, and it is driven by a combination of historical, regulatory, and geopolitical factors.