The search of the office of the Russian cybersecurity company Group-IB and the arrest of its CEO, Ilya Sachkov, who is accused of treason under Article 275 of the Criminal Code of the Russian Federation, demonstrate how far the Kremlin leadership can go to increase its influence and expand its control over the cybercrime sphere, as well as to further promote its interests and illegal actions directed against other states.
As you know, Group-IB is a Russian cybersecurity company, an official Interpol and Europol partner, and a developer and provider of solutions for detecting, investigating and preventing cyber attacks and for conducting cyber intelligence. It was founded in 2003 by Ilya Sachkov and Dmitry Volkov, who own a controlling stake. In 2018, the company moved its headquarters to Singapore; it also has an office in Amsterdam. Among the shareholders are the Russian investment fund Run Capital and the Singapore investment company Altera Capital.
In general, throughout its activities, the company's management tried to maintain neutrality in geopolitical issues, directing its efforts toward combating cybercrime. The risk of such activities was that the investigation of cybersecurity incidents often led the company to the customers and perpetrators of attacks in the Russian Federation, a state that, instead of enforcing the law, used the identified criminals for its own political interests.
Apparently, Ilya Sachkov, while performing work for companies with foreign capital, had to report on the results of investigations and on the cybercriminals identified, which hindered cooperation between the special services and representatives of the cybercrime sphere.
Disclosure of potential members of Russia's special and intelligence services to foreign officials who may cooperate with the FBI or other US special services may well qualify as treason.
For example, Ilya Sachkov personally coordinated several investigations that led to the imprisonment of elite Russian cybercriminals and was reckless in repeatedly emphasizing the inaction of the Russian authorities in prosecuting them.
The last straw for Russia's criminal leadership was the imposition of US sanctions against the cryptocurrency platform SUEX OTC, S.R.O. The platform is registered in the Czech Republic, but its headquarters and several physical exchange offices are located in Russia, and almost all of its shareholders and managers are Russian citizens. It processed transactions (some of them related to drug trafficking) for cybercriminals who, using ransomware (which can also serve as a cyber weapon), gained control over the internal computer networks of American companies in various sectors of the economy.
All indications are that the Kremlin leadership will continue to actively support cybercriminals who offer the state their own resources and use their semi-protected status to engage in illegal activities, provided that those activities are directed against foreign targets.
Russia’s use of private, non-government contractors to conduct intelligence operations in cyberspace reduces both the cost of conducting them and the risk of disclosing direct links to its special and intelligence services.