Everything we know about Russian cyberhackers who operate with Putin's blessing

05 June 2024 , 11:43
The group are one of the most aggressive Ransomware hacking teams striking targets all over the world since 2022 (Image: Getty Images/iStockphoto)

The cyberattacks that crippled hospitals in London yesterday were the work of a group of shadowy Russian hackers calling themselves Qilin who have been wreaking online havoc for years, an expert has said.

The attack, which hit the IT contractor Synnovis, which serves NHS pathology labs, led to major disruption at major London hospitals. Ciaran Martin, former chief executive of the National Cyber Security Centre, said the hackers were given free rein to operate inside Russia. He said: “We believe it is a Russian group of cyber criminals who call themselves Qilin.”

The group first appeared on the dark web in July 2022 offering “affiliates” the use of their sophisticated ransomware hacking software in exchange for a cut of the ransom money. In November 2023 Qilin claimed responsibility for the ransomware attack on Chinese automotive giant Yanfeng Automotive Interiors - one of the world's largest suppliers of car parts. Reports by Computer Weekly in March suggest the hackers claimed an attack on the Big Issue.

January 2024 saw the Australian court system hacked with a ransomware attack on Court Services Victoria. That same month Serbia’s state-owned electricity company was struck by the group, which also sometimes goes by the name Agenda. Meanwhile in April 2023 the massive French architects firm Ateliers Jean Nouvel also fell victim to a Qilin hack.

Singapore-based cybersecurity firm Group-IB was able to infiltrate Qilin in 2023, speaking with a Qilin recruiter who goes by the online alias Haise and gaining an insight into how the group works. Qilin even boasted of offering affiliates the ability to customise each ransomware attack, tailoring the hack to the target to try and ensure maximum damage. "Many Qilin ransomware attacks are customised for each victim to maximise their impact," Group-IB said in a report.

The group are allowed to operate with impunity from inside Putin's Russia (Image: POOL/AFP via Getty Images)

A 2023 report in Hacker News said the group's victims “mainly span critical infrastructure, education, and healthcare sectors” and the hackers had struck targets in Australia, Brazil, Canada, Colombia, France, Japan, Netherlands, Serbia, the U.K., and the U.S.

“Attacks mounted by the group make use of phishing emails containing malicious links as a means to obtain initial access and encrypt sensitive data, but not before exfiltrating it as part of a double extortion model,” the site reported. After the ransomware infects computers in a network, users then receive a message saying their files have been encrypted, and they have to pay to get them back. The software also sends copies of the victim’s data to hackers who then threaten to leak sensitive info like payroll data or client contracts in a “double extortion”.

Speaking to BBC Radio 4’s Today programme, Martin said: “These criminal groups, there are quite a few of them, they operate freely from within Russia, they give themselves high profile names, they’ve got websites on the so-called dark web and this particular group has about a two-year history of attacking various organisations across the world.

“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money.”

When asked why Qilin would have targeted hospitals, Mr Martin said it may simply have been that the hackers did not know what Synnovis did. Although the UK government has a policy of never paying hackers over ransomware attacks on state-owned systems, Synnovis is a private company and “in theory the company is free to pay the ransom,” Mr Martin said.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack, while Synnovis said it has been reported to law enforcement and the Information Commissioner.

Joe Smith
