Russian Cyber Actors Scramble to Offset Fallout From Ukraine War

5 minute read

Actors Exchange Views, Advice on Economic Options

On Russian language Deep and Dark Web forums, well-regarded threat actors scramble to exchange ideas on how to maneuver within the new economic and political constraints since the onset of the war in Ukraine. As a result,  actors will likely rely on institutions in geopolitically indifferent or friendly allied countries. Immediate concerns center around the fate of cryptocurrency funds and potential strategies to exchange them for fiat currency that can be spent. Causing further unease is the perception that only cryptocurrencies can be sent or wired to Russia for financial support.

  • One noteworthy and longstanding Russian language Dark Web forum member on Exploit[.]in offered their unfiltered opinion on European Union sanctions and why they decided to move to Dubai: “Who gives a f*** what they want. I went to Dubai where I can get cash for any crypto under the sun. Moreover, opening a bank account here is not a huge deal.” 
  • When challenged with a concern regarding potential outrageous fees charged to cash out crypto, the unphased actor responded, “Well it seems to me that with the volatility of Bitcoin (BTC), who cares about the exchange fees at the moment. It’s the pinnacle of greediness…just put all your money in a bank account in Dubai.”

Moving to Dubai

Source: Exploit[.]in
Established forum actor explains why they advocate moving to Dubai

This sentiment was echoed in a separate forum thread in which actors discussed the best way to send money to Russia, another signal from cyber actors that the ramifications of geopolitical decisions trickle down into the underground economy and force financial realignment. Forum members that participated in the thread agreed that cryptocurrency was the most reasonable way to send funds to Russia, save one actor that advocated to, “…invest in Dubai, until war is over [sic], I hope it will be soon.” 

  • This community has left at least one unresolved; the SWIFT (The Society for Worldwide Interbank Financial Telecommunication) ban will likely impact the ability to withdraw or send money to or from Russian majority state-owned bank, Sberbank.

Send Crypto — not Money — to Russia; Invest in Dubai

Source: xss[.]is
Established forum actors conclude cryptocurrency is the most reliable way to send funds to Russia.

How (Not) to Withdraw Money from Sberbank

Source: xss[.]is
Forum actors fail to agree on how to circumvent probable SWIFT ban and withdraw money from Sberbank

Worries Mount Over Fate of Ruble, Rush to Crypto

Russian banks only issue Russian rubles and as the currency continues its decline,  notorious actors are discussing how to minimize financial loss. Among the considerations, they discuss laundering rubles through specific Russian and peer-to-peer (P2P) exchanges into stablecoins–cryptocurrencies that attempt to offer some pricing stability. They do this by pegging their value to an external asset, such as the U.S. dollar — suggesting that underground cyber actors are looking to native Russian exchanges to skirt Western sanctions, then get access to hard currency and maximize their spending power. At the moment, there are few, if any, restrictions preventing private exchanges from converting assets from one currency to another. Actors are leveraging this knowledge to avoid attribution and move funds almost at will. The only calculated downside is the loss of funds from exchange fees, but this hardly concerns most actors facing the possibility of losing access  to Western financial institutions. 

  • Responding to a post about the exchange of Russian rubles to U.S. dollars, longtime Russian language Dark Web forum actor,  Expolit[.]in, laid out a method for converting Russian rubles to U.S. dollar-backed stablecoins using trusted Russian language exchange, bestchange. The actor further cautioned that the exchange rate to convert rubles to dollars was so outrageous that you would be lucky to find a trustworthy person to do it for you. 

Ruble to Crypto Method to Minimize Losses

Source: Exploit[.]in
Forum actors discuss ways to converting rubles to cryptocurrency

What’s Next 

Although the fallout from Russia’s invasion into Ukraine intensifies by the day, cyber actors are prepared to pivot and adapt in near real-time to offset any temporary disruptions to their current financial gains. They plan to accomplish this by finding methods that use stable financial institutions to minimize their personal financial losses. Once they have safely exchanged rubles for cryptocurrency, they will then look to convert digital currency into hard currency — most likely into U.S. dollars — that can be offshored in non-Russian banks to be spent, saved, and one day, repatriated from a financial safe harbor. 

See ZeroFox in action