17:02 / July 5, 2024
The high-profile case of the hacker group is entering the home stretch.
On July 5, in St. Petersburg, the debate of the parties began in a high-profile trial concerning the hacker group REvil.
The suspects were arrested shortly after US President Joe Biden called Vladimir Putin in April 2021, asking him to shut down the group’s activities. The reason was cyberattacks on major US companies that used ransomware to block operations and extort money to restore access.
The case also mentions an attempt to bribe a Tesla employee with $1 million to infect the company’s computers with a virus. However, after the events of 2022, the US Department of Justice stopped responding to the Russian side’s requests for legal assistance. Izvestia reports on the current charges and the lawyers’ position.
On April 9, 2021, US President Joe Biden contacted Vladimir Putin in response to a cyberattack on US company Kaseya. The attack affected tens of thousands of organizations around the world, including a Swedish railway operator, a pharmacy chain, and 800 Coop grocery stores. The hacker group REvil claimed responsibility, demanding $70 million in Bitcoin for data recovery, later reducing the amount to $50 million. Kaseya later announced that it had received the decryption key from a third party, without disclosing details.
REvil also claimed responsibility for the hacks of Quanta Computer, the largest meat producer JBS and Colonial Pipeline. As a result, Colonial Pipeline paid a ransom of $5 million at the time ($2.3 million of which was confiscated by the US Department of Justice). In America, these attacks were considered to be linked to Russia. Biden demanded that Putin take measures to combat the hackers, to which Putin responded that countries should cooperate in the fight against cybercrime through specialized data exchange channels.
After the conversation between Biden and Putin, REvil resources disappeared from the darknet. In November 2021, the US Department of Justice announced the arrest of REvil member Yaroslav Vasinsky, involved in the hack of Kaseya, who was sentenced in the US in May 2024 to 13 years and 7 months in prison. In January 2022, the Russian FSB conducted operations in St. Petersburg, Moscow and Lipetsk, detaining 14 REvil members and seizing more than 426 million rubles, $600 thousand, €500 thousand, computers, crypto wallets and 20 premium cars.
Eight people were in the dock: Daniil Puzyrevsky (the alleged leader of the group), Ruslan Khansvoyarov, Aleksey Malozemov, Andrey Bessonov, Artem Zayets, Mikhail Golovachuk, Roman Muromsky and Dmitry Korotayev. The defendants were charged with illegal circulation of payment funds committed by an organized group. Puzyrevsky and Khansvoyarov were additionally charged with creating and distributing malicious programs.
According to investigators, Puzyrevsky began carding in 2015, involving his classmates in the scheme. In 2021, the FSB gained access to their correspondence, finding screenshots of bank card data and discussions of hacks.
According to witness interrogations in the case, in the summer of 2020 Yegor Kryuchkov offered a friend of his at Tesla $1 million to introduce malware into the company’s systems. The engineer reported the offer to the US authorities, and Kryuchkov was detained. He was arrested for 10 months and deported, after which he became a witness in the REvil case.
The episodes with Tesla and other hacks are missing from the final indictment. The defense claims that the investigation did not identify the owners of the bank cards found on the defendants and did not send requests for legal assistance to the United States. The court refused to question the victims, which does not prevent a verdict from being passed under the article on illegal circulation of payment funds.
The parties will debate in the St. Petersburg Garrison Military Court, as one of the accused was a serviceman at the time of the alleged crime. The verdict is expected in the coming weeks.
