We're Building A Better Tri-State Together
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Moscow's hackers continue to cause chaos in cyberspace

MICHEL MARTIN, HOST:

Just over a thousand days after Russia launched its full-scale invasion of Ukraine, Moscow's hackers continue to cause chaos in cyberspace. One group is involved in everything from disinformation to data theft and scams involving fake Canadian pharmacies. NPR's Jenna McLaughlin has the story.

JENNA MCLAUGHLIN, BYLINE: Some experts expected Russian hackers to wipe out Ukraine's power grid and cut the country off from the rest of the world as the military moved into Kyiv. But Kyiv didn't fall to Russian leader Vladimir Putin on that February day in 2022. What actually happened on the battlefield and in cyberspace was a lot more complicated.

These days, Moscow has many hacking groups tasked with different roles around the globe. They often act in concert with troops on the ground. But some occupy a gray space between the criminal underground, the hall of mirrors of espionage and the psychological realm of disinformation. Matthieu Faou follows these groups closely from his perch in Montreal. Faou works for ESET, an Eastern European software company with deep roots in Ukraine. One Russian group has been particularly interesting to Faou this year.

MATTHIEU FAOU: It all started around November 2023 when we detected a significant wave of emails.

MCLAUGHLIN: That wave of emails was targeting Ukrainians, warning of food shortages and power outages as the country plunged into another cold, dark winter at war. But they didn't disappear in springtime.

FAOU: And last time was two weeks ago, actually.

MCLAUGHLIN: Just two weeks ago, the group was at it again, this time threatening Ukrainians that soon women would be drafted into the war effort. Some of the messages have even targeted Russian dissidents, pretending to be supporters of the Russian opposition leader Alexei Navalny, who died in an Arctic prison. But at the same time these hackers were trying to cause chaos and scare people, they were also running an espionage operation.

FAOU: For example, they targeted a Ukrainian defense company in October.

MCLAUGHLIN: Faou says they were after login credentials, hoping to steal information. But perhaps the weirdest thing about this group? They're also scamming people with one of the oldest digital fraud campaigns around - hawking fake Viagra pills through a nonexistent Canadian pharmacy.

FAOU: Shady business that Russian cybercriminals have been involved in for years.

MCLAUGHLIN: Shady business indeed. But Faou says it's not unusual for hacking infrastructure to be used for a lot of different purposes, especially in Russia. U.S. officials have linked Russian spies to Russian criminal hackers for years. Nowadays, the lines between cybercrime and nation-state cyber operations aren't so clear.

Jenna McLaughlin, NPR News. Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.