Kaseya affair: will Russia be involved?

With the Kaseya affair, the REvil gang once again provokes the American authorities. The group operates from Russian territory, which means that the United States will have to obtain extremely rare collaboration from the Putin administration if it is to confront cybercriminals.

An attack with thousands of victims. On July 2, the REvil gang exploited an unknown flaw in the Kaseya VSA software to distribute its ransomware to “over a million” machines. The scale of the attack places it among the largest in history, in a context where cybercriminals seem ever more powerful.

However, in recent months, the authorities, spearheaded by the new Biden administration, seemed to have finally managed to shift the balance of power somewhat. The American president himself spoke out in early May on the Colonial Pipeline affair, in which a pipeline was paralyzed by ransomware. Days later, the gang responsible for the attack, Darkside, lost all of its infrastructure and was forced into early retirement.

Russia remains a haven for cybercriminals. // Source: Louise Audry for Numerama.

A month later, the White House stepped up again, this time over another attack by REvil, against food giant JBS. The FBI then declared: “We will work diligently to bring malicious actors to justice.” That effort failed, since two months later, the same REvil was able to attack the Florida company Kaseya.

Russia at the center of the fight against cybercriminals

Three days after the outbreak of the affair, the Russian news agency TASS published statements by Russian presidential spokesman Dmitry Peskov. Asked about a possible request for cooperation from the United States, he replied: “No, I have no information and no data has been given. And no, no request was made.”

If journalists asked such questions, it is because Russia’s collaboration with foreign authorities on cybercrime has recently returned to the center of the debate. Historically, Moscow has ignored the malicious cyber activities perpetrated by its nationals as long as they spare the countries. As a result, whenever a foreign investigation traces back to a gang that operates from Russia, like REvil, it does not lead to any arrest, since the local authorities ignore the requests.

A collaboration confirmed, but pending

For years, diplomats have been trying to change that posture, and President Joe Biden has made it a focus of his term. For example, he called on the Russian authorities to “take their responsibilities” in the Colonial Pipeline case. Then he broached the question of cyber collaboration with his counterpart Vladimir Putin during the G7, which met in June in Geneva. According to Peskov, the two presidents agreed to “launch a consultation mechanism on cyber issues”, without a launch date being set. Yet such a mechanism would be very useful in the case of REvil.

But Russia doesn’t just harbor cybercriminals: its intelligence services themselves are heavily invested in cyberespionage operations. It was to them, and more precisely to a branch known as the SVR, that the supply chain attack against SolarWinds was attributed, an attack that made it possible to infiltrate a dozen branches of the US government.
