US accuses REvil hacker of pipeline attack

The United States announced that a hacker detained by the FSB was involved in the attack on Colonial Pipeline

One of the members of the REvil hacker group, who was detained by the FSB after being contacted by the United States, was involved in a cyber attack on the American pipeline company Colonial Pipeline in May last year. This was stated at a briefing by a US administration official (his name was not released), reports Reuters.

“We believe that one of those who were detained today is responsible for the attack on the Colonial Pipeline last spring,” he said.

The FSB reported on the liquidation of the hacker group the day before, on January 14. The intelligence service said that 14 alleged members of REvil were detained at the request of the United States. The operation took place in Moscow and St. Petersburg, as well as in the Moscow, Leningrad and Lipetsk regions. About 426 million rubles, including in cryptocurrency, $600 thousand, €500 thousand, computer equipment and 20 premium cars were confiscated from the suspects.

According to the agency, Washington accused the group of attacks on the information resources of foreign high-tech companies and of extorting money.

The US administration said it welcomes Russia's steps “in law enforcement to combat malicious activity emanating from [Russian] territory” (quote from RIA Novosti). According to the spokesman, the presidents of the two countries had previously created a group of experts, and Washington shared information through this channel.

The detainees were charged under Part 2 of Art. 187 of the Criminal Code (illegal circulation of means of payment). “The organized criminal community has ceased to exist,” the FSB said. The special service did not specify whether there were foreign citizens among them. According to an Interfax source, Russia will not extradite to the United States members of the REvil group who have Russian citizenship. Andrey Bessonov and Roman Muromsky.

Colonial Pipeline is one of the largest pipeline operators in the US. A cyberattack on Colonial Pipeline's systems took place on May 7, 2021. Hackers stole confidential information and loaded a ransomware virus onto computers, which blocked their operation. In exchange for unlocking the systems and not leaking the data, they demanded a ransom. Due to the attack, Colonial Pipeline was forced to stop the operation of the fuel line. Bloomberg reported, citing sources, that the company transferred about $5 million in cryptocurrency to the attackers within hours of the attack. After the ransom was paid, the extortionists gave the company the keys to unlock the network.

The Washington Post and Reuters, citing sources, wrote that the DarkSide cybergroup, which includes hackers from Eastern Europe, was behind the attack. Later, the FBI confirmed that the hack was carried out using a ransomware virus created by DarkSide. CNN and NBC News, citing sources, claimed that the DarkSide group included “Russian hackers”. At the same time, they noted that there is no evidence that the Russian authorities are behind the hackers.
