Russian-speaking threat actors who come from former Soviet Union are the primary drivers of various types of crypto-related cybercrime, including ransomware, illegal crypto exchanges, and darknet markets, according to the latest report by TRM Labs.
In fact, ransomware groups that speak Russian were also found to be responsible for at least 69% of all ransomware earnings in 2023, totaling over $500 million.
Russian-Speaking Threat Actors Dominate
In its latest report, prominent crypto research firm TRM Labs revealed that the two largest operators of the year, Lockbit and ALPHV/Black Cat – both Russian-speaking – generated a combined revenue of at least $320 million from their attacks.
Moreover, Russian-language darknet markets (DNMs) account for 95% of all dark web drug sales conducted in crypto across the world. These DNMs are multi-vendor platforms that facilitate the global trade of illegal drugs. As a well-established form of transnational organized crime, DNMs integrate anonymization networks, crypto, and encryption technologies.
TRM Labs’ said that the top three largest Russian-language DNMs processed $1.4 billion in crypto in 2023, which is about 33% higher than in 2022. In comparison, the entire Western DNM ecosystem managed less than $100 million in 2023, around 20% less than in 2022.
Garantex Dominates Sanctioned Crypto Transactions
Garantex, a Russia-based crypto exchange sanctioned by OFAC in April 2022, handled 82% of the crypto volumes associated with all sanctioned entities globally in 2023. This included exchanges and individuals under US and international sanctions.
Interestingly, some of this volume involved crypto sent by Russian actors to sanctioned Chinese manufacturers for military equipment and components used by Russian forces in Ukraine.
The report also observed that at least $85 million has been sent to wallets linked to Russian and Chinese entities involved in the manufacturing, transport, and sale of military and dual-use equipment and components since 2021. This volume, likely to increase as more entities are identified, may also include the sale of other goods unrelated to the war effort, part of broader Russia-China cross-border trade settled in crypto.
“Some Russian-speaking threat actors hold links to the Kremlin and have been actively using crypto to procure foreign equipment for the Russian war effort. Over the past three years, over $85 million has been sent to wallets used by Russian and Chinese entities involved in this type of procurement and cross-border trade.”
The post Russian-Speaking Groups Dominate Crypto-Related Cybercrime: TRM Labs appeared first on CryptoPotato.