Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

How Russia's Ukraine War Disrupted the Cybercrime Ecosystem

War Upended Russian Brotherhood, Supply, Demand and Pricing, Says Intel Analyst
Alexander Leslie, associate threat intelligence analyst, Recorded Future

Russia's invasion of Ukraine in 2022 threw Russia’s cybercrime ecosystem into a state of upheaval that still exists to this day.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

"We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.

In a new report, Leslie detailed how divided loyalties over the war resulted in an IT brain drain. An estimated 250,000 cybercriminals left Russia and Belarus. Ecosystem changes have reshaped the types of cybercrime at play, upended supply and demand for illicit goods and services, and driven pricing instability.

"Whether that be dark web shops and marketplaces, like your traditional cyber-dependent or cyber-enabled crime; the payment card fraud landscape; the willingness for threat actors to leak databases and sell initial access sales - we've seen price fluctuations in marketplaces across the board," Leslie said.

In this video with Information Security Media Group, Leslie also discusses:

  • The most significant and surprising changes to the cybercrime ecosystem;
  • The dividing lines, and how the "brotherhood of Russian-speaking threat actors has largely been broken";
  • The overstated impact of Russian hacktivists and how they are playing into the hands of Russian disinformation operations.

Leslie, who supports threat intelligence for Recorded Future's Advanced Cybercrime and Engagements team, focuses his research on Russian cybercrime.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.