The Russian cybercrime community, the world’s most active and prolific, is turning to alternative money laundering methods as sanctions against Russia and law enforcement actions against the dark web market lead a growing number of hackers to look for alternatives.
The sanctions imposed on Russia in the wake of its invasion of Ukraine in 2022, and the capital controls introduced by the Central Bank of Russia to counter those sanctions, have not completely cut off the opportunity for cybercriminals to transfer funds (criminal proceeds, etc.) between Russia and Western countries, but they do have an impact.
Although there are few options, cybercriminals seem to be discussing viable solutions for cashing in or securely storing stolen funds and cryptocurrency.
First, the Russian invasion of Ukraine resulted in banking sanctions and the blocking of SWIFT payments, which crippled the normal cash flow channels used by cybercriminals.
In addition, direct money transfer services such as Western Union and MoneyGram have ceased operations in Russia.
Russian attackers typically used these services to receive payments from their victims without revealing their identities.
On April 5, the servers of Hydra Market, Russia’s largest darknet platform, were seized by German police, shutting down the giant business (with annual sales of over $1.35 billion) that also supported money laundering services.
The next day, the United States sanctioned Garantex, one of the most important platforms used by Russian cybercriminals to launder funds.
Binance has also become the first major cryptocurrency exchange to ban Russian users from executing transactions and investments, and more cryptocurrency exchanges are expected to follow suit.
Cybercriminals Look to China
Russian hackers seem to be turning their attention to Chinese payment systems, including Chinese banks and the UnionPay card system.
But even UnionPay is considering refusing service to Russian customers, so this option is not viable in the long term.
Since the banking crisis, a new category of money laundering has emerged that provides a route for funds through banks in countries that have not sanctioned Russian banks, such as Armenia, Vietnam, and China.
Cryptocurrency exchanges are adopting KYC (Know Your Customer), even within Russia, so darknet coin mixing and cash-out services are among the few options.
Flashpoint says some cybercriminals are adopting a long-term approach, investing in gold or storing cryptocurrency in cold wallets until the situation changes.
However, this situation is unlikely to affect attacker activity. Lower-tier threat groups and less capable hackers will be affected, but private laundering pathways established by more sophisticated groups are likely to continue.