- Russian-speaking threat actors from former Soviet Union nations are the primary culprits behind numerous crypto-related cybercrimes, including ransomware, illicit crypto exchanges, and darknet markets, according to a recent TRM Labs report.
- These groups are responsible for 69% of all ransomware revenues in 2023, amassing over $500 million.
- The largest operators, Lockbit and ALPHV/Black Cat, both Russian-speaking, have collectively generated revenue of at least $320 million from their activities.
Discover the critical findings of the latest TRM Labs report on the dominance of Russian-speaking cybercriminals in the crypto space, covering ransomware earnings and illicit dark web activities.
Russian-Speaking Threat Actors Lead in Crypto Cybercrime
In its latest comprehensive analysis, TRM Labs identifies Russian-speaking cybercriminals as the primary actors behind significant crypto-related cybercrimes. The report highlights that these actors are at the forefront of ransomware attacks, illegal crypto exchanges, and darknet market activities. Together, the most prolific groups, Lockbit and ALPHV/Black Cat, have generated over $320 million from their illicit endeavors this year alone.
Darknet Market Dominance by Russian Actors
TRM Labs’ report further underscores the dominance of Russian-language darknet markets (DNMs) in global illicit trade conducted in cryptocurrency. These marketplaces, which support the global trade of illegal drugs, represent 95% of dark web drug transactions. The top three Russian-language DNMs processed $1.4 billion in crypto transactions in 2023, marking a significant increase of 33% from the previous year. In stark contrast, the Western DNM ecosystem accounted for less than $100 million during the same period, a decrease of around 20% from 2022.
Garantex & Sanctioned Crypto Transactions
Russia-based crypto exchange Garantex, sanctioned by the Office of Foreign Assets Control (OFAC) in April 2022, is identified as a major player in this ecosystem. Handling 82% of the crypto volume linked to sanctioned entities worldwide in 2023, Garantex plays a significant role in facilitating these transactions. Notably, some of this cryptocurrency was routed by Russian actors to sanctioned Chinese manufacturers for military equipment and components destined for Russian forces in Ukraine.
Cross-Border Crypto Transactions Linked to Military Procurement
TRM Labs’ research reveals that since 2021, at least $85 million has been transferred to wallets associated with Russian and Chinese entities engaged in the production, transportation, and sale of military and dual-use equipment. This figure is anticipated to rise as more entities come under scrutiny. It is important to note that these transactions are part of a broader cross-border trade between Russia and China, settled in cryptocurrency, which may include goods beyond the military context.
Conclusion
The TRM Labs report paints a concerning picture of the current state of crypto-related cybercrime, heavily dominated by Russian-speaking actors. From significant ransomware revenues to controlling the majority of darknet market transactions and sanctioned crypto dealings, these cybercriminals hold a formidable position in the illicit crypto ecosystem. The findings underscore the pressing need for international cooperation and robust cybersecurity measures to curb these activities effectively.
