Russia’s cybercrime community, one of the most active and prolific in the world, is turning to alternative money laundering methods due to sanctions against Russia and law enforcement actions against dark web markets.
While options are few, cybercriminals are discussing viable ways to cash out or keep stolen money and cryptocurrency safe, Flashpoint analysts observed in threat actors' conversations.
A “perfect storm”
First came the banking sanctions and the blocking of SWIFT payments, a consequence of the Russian invasion of Ukraine. This paralyzed the regular channels for money flows used by cybercriminals.
Then came the suspension of Russian operations of instant money transfer services such as Western Union and MoneyGram. Scammers and extortionists usually used them to receive payments from victims without revealing their real identities.
On April 5, the servers of Hydra Market, Russia’s largest darknet platform, were seized by German police, bringing down a huge company (annual turnover of more than $1.35 billion) that also operated money laundering services.
The next day, the US sanctioned Garantex, one of the main platforms Russian cybercriminals used to launder stolen money, following a wave of sanctions on similar platforms from 2021.
Finally, yesterday, Binance became the first major cryptocurrency exchange to essentially ban Russian users from transacting or investing, and more are expected to follow soon. Even significant coin mining activities in Russia are sanctioned.
Cybercriminals turn to China
According to Flashpoint data collected on cybercriminal forums, Russian hackers have mainly turned to Chinese payment systems, including Chinese banks and the UnionPay card system.
But even UnionPay is now considering not serving Russian customers, so the option isn’t viable in the longer term.
Since banking troubles arose, a new category of money launderers has emerged, offering money routes through banks in countries like Armenia, Vietnam or China, which have not imposed sanctions on Russian banks.
Cryptocurrency exchanges with rising KYC (know your customer) requirements, even those within Russia, are not an option, so darknet coin mixing and withdrawal services are among the few options available.
Because the money laundering providers on Hydra no longer have a stable place to advertise their services, crooks are restricted to smaller, less reliable operations.
Flashpoint says some cybercriminals responded to this situation by taking a long-term approach and investing in gold or storing their cryptocurrency in cold wallets until circumstances change.
However, the situation is unlikely to impact financially motivated threat activities. Lower-tier threat groups and less capable hackers will be most affected, but the private money laundering channels set up by more sophisticated groups will likely continue to work.
This post, “Russian hackers look for alternative money laundering options,” was originally published at https://www.bleepingcomputer.com/news/security/russian-hackers-are-seeking-alternative-money-laundering-options/