The report further highlights that Russian-language darknet markets were responsible for 95% of all drug sales denominated in cryptocurrency on the dark web in 2023, illustrating how extensively cryptocurrency is utilized in illegal drug transactions. Additionally, the Russia-based crypto exchange Garantex was linked to 82% of crypto volumes associated with globally sanctioned entities, despite sanctions imposed on Russia amid the ongoing conflict in Ukraine. This indicates a growing reliance on cryptocurrency by Russian entities to evade these sanctions. The U.S. Office of Foreign Assets Control (OFAC) has blacklisted several bitcoin and ether addresses connected to sanction evasion, and in 2022, U.S. federal prosecutors charged five Russian nationals with laundering substantial amounts of cryptocurrency.
The report noted that “Russian-speaking threat actors exhibit a unique range of harmful activities,” underscoring the extensive illegal operations conducted by these groups. Despite the prominence of Russian-speaking groups in ransomware and darknet markets, North Korea continues to be a major contender in the cybercrime domain, with North Korean hackers implicated in nearly $1 billion worth of cryptocurrency theft in 2023, further asserting their status as a formidable cyber threat.
Ransomware, a type of malware that blocks user access to devices until a ransom is paid, saw significant activity from groups such as Lockbit and ALPHV/BlackCat, the two largest operators. In a notable development, the U.K. National Crime Agency announced in February that it had successfully compromised Lockbit’s operations, dealing a substantial blow to their criminal enterprise.
The report also noted that Russian-language darknet markets were responsible for 95% of all crypto-denominated illicit drug sales on the dark web in 2023. This underscores the extensive use of cryptocurrency in facilitating illegal drug transactions within these markets.
In addition, inflows to the Russia-based crypto exchange Garantex accounted for 82% of the crypto volumes linked to sanctioned entities worldwide. This occurred despite global sanctions imposed on Russia due to the ongoing war in Ukraine. The report highlighted that entities in Russia have increasingly turned to cryptocurrency to circumvent these sanctions. The U.S. Office of Foreign Assets Control (OFAC) has blacklisted several bitcoin and ether addresses associated with sanctions evasion, and in 2022, U.S. federal prosecutors accused five Russian nationals of laundering millions of dollars in crypto.
“Russian-speaking threat actors are unique in the breadth of their malign activity,” the report stated, emphasizing the extensive range of illicit activities carried out by these groups.
Despite the dominance of Russian-speaking groups in ransomware and darknet markets, North Korea remains a significant player in the global cybercrime landscape.
The report noted that North Korean hackers were responsible for nearly $1 billion in cryptocurrency theft in 2023, maintaining their position as a leading cybercrime threat.