Mattias Wåhlén
Aug 1, 15 tweets, 4 min read
Russia and the USA appear to have agreed to a prison exchange. The USA gets several Western and Russian journalists arrested on various spy charges. Russia gets home... cybercriminals!

A thread /1
Who are these guys that Russia wants back so badly? Well, let's have a look at the list:



Two of the men are hardly "cybercriminals". They were arrested for being involved in various schemes to import Western electronics to Russia. /2
Alexander Vinnik was arrested in 2017 for money laundering as CEO of a crypto exchange called BTC-E. BTC-E was later accused of handling money transfers for the GRU hackers known as “Fancy Bear” during the 2020 US election interference. /3
Vinnik has also been accused of being linked to the Locky ransomware group, presumably for money laundering. /4

justice.gov/opa/pr/alleged…
Vladislav Klyshin was the founder and CEO of M-13, a Russian cybersecurity company. He was arrested for hacking companies and stealing confidential data used for insider trading, earning close to 100 million dollars. /5
Klyshin is also being named as a co-conspirator to two GRU officers accused of being involved in the 2020 Russian election meddling. /6

justice.gov/usao-ma/pr/rus…
Roman Seleznev. Seleznev is a carder and was arrested back in 2014 and sentenced to 27 years in prison for wire fraud and running a credit-card-theft operation. /7
Seleznev is also the son of Valery Seleznev, a member of Russia's Duma, who has been sanctioned since the Russian invasion of Ukraine in 2022. Apparently having a son who is a known cybercriminal didn't hurt his father's political career. /8

en.wikipedia.org/wiki/Roman_Sel…
Vladimir Dunaev. Dunaev was arrested for being part of the TrickBot group. TrickBot was part of the Conti ransomware syndicate and used to deploy both Ryuk and Conti ransomware. In the Conti leaks it was also revealed that Conti would sell information to the FSB. /9
After the Russian invasion of Ukraine, in 2022, it was revealed that the TrickBot group had switched from ransomware to cyber espionage in Ukraine, presumably earning them a favor they can now cash in. /10

securityintelligence.com/x-force/trickb…
Vadim Krasikov is not a cybercriminal but an FSB hitman, known as the “Berlin Bicycle Assassin” after he murdered a Chechen dissident in 2019. /11

apnews.com/article/vadim-…
However, Krasikov has a curious link to cybercrime. He is linked to the FSB officer Edouard Bendersky, a senior officer in "Vympel", an FSB spec ops unit, who may have been his handler during the assassination. /12

meduza.io/en/feature/202…
Edouard Bendersky in turn happens to be the father-in-law of one of Russia's most notorious cybercriminals - Maksim Yakubets, the leader of Evil Corp. /13

rferl.org/a/in-lavish-we…
Everywhere we look, the Russian government has links to organized cybercrime, and now the Russian government does its best to help free Russian cybercriminals and get them home.

Do we need more proof that Russia is actively enabling ransomware and other cybercrime? /16
End Thread
@aejleslie, @patrikoksanen, @ImposeCost, @Jon__DiMaggio

