The Influx of Hackers From Russia Led to an Increase in Cybercrime in Turkey
A surge in hackers from Russia has led to an increase in cybercrime in Turkey, according to reports from the Financial Times, citing sources within the Turkish police and cybersecurity experts.
The sources suggest that initially, migrant hackers engaged in minor online scams, collaborating with local hackers to sell stolen data on the European market and launder their earnings.
However, Turkish authorities recently initiated an investigation as Russian and local hackers began forming groups where they leveraged each other's strengths.
One cybersecurity expert, who wished to remain anonymous, revealed to the newspaper that they infiltrated a Telegram group in which Russians were teaching their Turkish counterparts how to work with large datasets, while the Turks, through their contacts in Western Europe, secured lucrative deals.
In other similar chats, the sources claim that hackers discussed methods to convert stolen cryptocurrency into Turkish lira and ways to purchase real estate for acquiring Turkish citizenship.
"While they may not be exceptional hackers individually, they are highly productive, and they have become very adept at automating processes – their productivity is rapidly increasing," summed up one of the sources.
According to the newspaper's sources, these hackers gather data using a malicious program called Redline, which apparently evades the protection of most antivirus programs. The key feature of Redline is its ability to collect cookie files – data fragments that enable user identification.
In turn, Osher Assor, a cybersecurity expert from Auren Cyber Israel, noted that hackers regularly post new data packages collected in the past few hours in specialized Telegram groups, making them even more valuable.
The Russian mobilization began in late September 2022 and, according to Russian authorities, ended in early November. Many Russians left the country following the full-scale Russian invasion of Ukraine. While there are no precise figures on the number of departures, it is believed to be in the tens or hundreds of thousands.
As previously reported by The Gaze, assets of eleven members of a Russian cybercriminal group that targeted hospitals and critical infrastructure objects were frozen. Hackers were also banned from entering the UK and the US.
"These actions were taken in coordination with the United States, where sanctions were also applied to these key cybercriminals, and are a continuation of the joint efforts of the UK and the US to disrupt the activities of cybercriminals causing significant harm and impose fines on them. According to assessments, sanctions have limited the ability of cyber threat actors to monetize their cybercriminal activities," stated an official announcement from the British government.
The National Crime Agency (NCA), which conducted its investigation into the sanctioned individuals, believes that Russian cybercriminals are responsible for demanding at least $180 million from victims worldwide and £27 million from 149 victims in the UK. The main targets of the attackers were British hospitals, schools, local authorities, and businesses.