However, they are adapting.
It’s becoming clear that Russia’s invasion of Ukraine has complicated the means through which cybercriminals launder funds, but they are adapting. I thought you might be interested in comment from risk intelligence firm Flashpoint, based on discussions analysts have observed in recent months.
Sanctions introduced against Russia, coupled with capital controls introduced by the Russian Central Bank to counter them, have affected opportunities for cybercriminals to transfer financial resources between Russia and Western countries, though not cut them off entirely.
Along with the takedown of Hydra, which emerged as an outlet for cryptocurrency laundering services and tools, this has prompted threat actors to pursue workarounds, either through novel means or by recalibrating existing cash-out methods – as well as a scramble for safety.
According to Flashpoint analysts, financial transactions to Russia have become more complicated, and there is fear of an impending crackdown on Russian-linked accounts via cryptocurrency exchanges.
“Some threat actors have been observed discussing ways to store value for a longer period of time, including ‘cold’ wallets (wallets not connected to the internet) and decentralized exchanges as two ways to avoid funds being blocked or confiscated.” Analysts also observed “users suggesting keeping funds in gold,” they noted.
Conventional bank transfers
As not every Russian bank presently falls under international sanctions, it is still possible to transfer funds to certain banks in Russia from Western institutions, even if threat actors find it challenging to rebuild an existing cash-out network.
Flashpoint analysts suggest that “there are potential workarounds, such as transfers through banks located in third countries that have not joined sanctions against Russian banks, such as Armenia, Vietnam, or China.”
Flashpoint analysts observed “a money mule advertising their services on an illicit community which included receiving money in a German bank account and doing not only Bitcoin, but also Russian wire transfers in turn.”
Flashpoint analysts have witnessed increasing interest in UnionPay cards – a Chinese payment system that has emerged as an alternative to Western-based credit card companies.
A seller in a particular illicit community, whose activity consists of selling credit cards for the purposes of transfers of illicit gains, announced on March 28 that their offers now included UnionPay cards.
The Hydra effect
Analysts assess with moderate confidence that the takedown of Hydra Market will cause a marked disruption in cryptocurrency-based cash-out operations. Even though these services can survive outside of Hydra, the uncertainty regarding law enforcement access to past transaction details will likely reduce the clientele of services that normally operated on Hydra.