Dispelling the Russian Hacker Myth: Revealing the True Culprits of Recent Cyber Attacks
Beyond the widespread assumptions of Russian cyber interference. Who is truly responsible for compromising global digital security?
On May 31st of this year, a file-sharing software called MOVEit was infiltrated in a cyber attack. The hackers responsible gained access to massive amounts of private data. On June 7, a criminal organization referred to most often as ‘clop’ took responsibility for the attack via a blog post where they announced that they had penetrated MOVEit transactions worldwide, and that organizations utilizing MOVEit had until June 14 to reach out and settle a ransom. Failing to do so, the group wrote, would result in the publication of the stolen information.
Intelligence agencies and media outlets were quick to attribute the blame to Russia, citing the hackers’ use of the Russian language and a series of similar cyber-attacks that have been publicly ascribed to Russia in recent years. This narrative, however, is challenged by a glaring issue: Clop isn’t Russian at all. We know that because of the well-documented criminal track record attributed to the Clop hacking group.
Believed to be responsible for cumulative financial damages approximating $500 million, Clop was subjected to an international investigation in 2021. In June of that year, authorities confiscated equipment from the criminal organization, including computer equipment, multiple vehicles—such as a Tesla and a Mercedes—and around 5 million Ukrainian Hryvnia (around $185,000) in cash.
record scratch
Ukrainian Hryvnia? Yep, that’s right. Six individuals were arrested that June in Ukraine for the offense. Despite the arrests, that was just the beginning of the Clop criminal record. The group was also responsible for hacking into the Accellion file transfer appliance using similar methods, where they were able to copy blueprints of weapon systems from Bombardier, a Canadian defense contractor and aviation company. The list of examples includes hundreds of companies which you can see for yourself in a video I screen-recorded of the organization’s website, which is clearly still active and under criminal control.
Why has the Ukrainian government allowed the website to continue to run despite having one of the most surveilled and censored internets in the world? And where is the United States? Every single company pictured in that video has been illegally compromised, placing the entire American economy at risk. The National Institute of Standards and Technology estimates the loss to the U.S. economy due to cybercrime to be between 0.9% and 4.1% of the national GDP. A couple of downloads and a few clicks are all it would take to have access to information that could be wrongfully exploited. Yet rather than put pressure on the international community and Ukrainian government to shut down the servers and hold the criminals effectively accountable, the American government writes one of the most corrupt regimes in the world a brand new check for $325 million.
The Ukrainian government has been gradually integrating cyberwarfare into its military. The flashy recruiting campaigns, internationally popular on Telegram, are part of an effort to build up the reputation of the pro-Ukrainian hacker movement and bring it on a par with the "big names" of the digital underground, inciting ‘hacktivists’ all over the world to join the Ukrainian cause from their laptops. The unique combination of professional engineers and amateur volunteers offers underground cybercrime organizations a legitimate platform for their ‘work’ while providing them with legal protection. It’s also worth noting that Ukraine officially joined the NATO Joint Cyber Defense Center of Excellence (NATO CCDCOE) this past May, significantly expanding Kiev’s ability to wage war in cyberspace.
I recommend anyone interested in the topic go on a deep-web dive for themselves. A brief instructional article with specific instructions for anyone interested in seeing Ukraine’s Underground Web will be posted to the Shultz Report website and Substack within the next day.
The official ‘IT Army of Ukraine’ is a truly international organization, and is consequently compelled to use the internet in order to function and communicate. The difference in each side’s approach to cybersecurity and warfare within the conflict is notable here: while Ukrainian forces rely heavily on sub-official foreign organizations and individuals, the Russian Federation seems to run a tight ship, publicly rejecting groups operating in an unofficial capacity, even when those groups are acting in support of Moscow.

For the better part of a decade, Ukraine has been operating a system of specialized funds via “NATO-Ukraine Trust Funds.” Shortly after the Maidan coup the NATO-Ukraine Command, Control, Communication and Computers (C4) Trust Fund was established in preparation (their words, not mine) for the subsequent agreement signed by the NATO Communications and Information Agency (NCI Agency) and Ukraine on January 17, 2022, a month before Russia’s so-called ‘invasion.’
Ukrainian forces are working to adapt to the conflict as it evolves. Yurii Shchyhol, head of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), explained, “There's been a change in direction, from a focus on energy facilities towards law enforcement institutions which had previously not been targeted that often.” To be certain, this is an interesting strategic maneuver, offering some insight into how NATO predicts the conflict will develop.
It’s not obvious to the average Western citizen that it might benefit them to have an interest in international affairs in the first place. And so while Ukrainian cybersecurity is tight regarding traditional military operations (in order to evade the Russians, who are paying close attention), there is, for now, ample opportunity for everyday citizens to obtain true and accessible information.
-The Shultz Report by M. Shultz