Russian Government Linked to Kaseya Cyber-Attack, Hacker Claims

Summary
– Yaroslav Vasinskyi, a former REvil affiliate, claimed he was blackmailed by Kremlin-linked entities to conduct cyberattacks, including the 2021 Kaseya attack, before being sentenced to 13+ years in US prison.
– Vasinskyi attempted to leave REvil due to moral concerns, citing guilt over attacks on a church and a hospital, but was pressured to stay under threats to his family.
– REvil’s leadership dismissed a patient’s death from a cyberattack as “good publicity,” which deeply disturbed Vasinskyi and reinforced his desire to exit the group.
– Vasinskyi alleged he was surveilled and coerced by high-ranking officials with international ties, who threatened imprisonment and harm to his loved ones if he refused to continue working with REvil.
– The Kaseya attack was chosen strategically for its potential widespread impact, with Vasinskyi preparing the attack but handing off the final execution to REvil under duress.
A jailed REvil hacker has made startling claims about Russian government involvement in the devastating Kaseya cyberattack, alleging he was blackmailed into participating before his eventual arrest.
Yaroslav Vasinskyi, the convicted REvil affiliate serving a 13-year sentence in a Connecticut federal prison, disclosed these allegations during extensive communications with cybersecurity expert Jon DiMaggio. The revelations came to light during DiMaggio’s DEFCON 33 presentation alongside Trellix’s John Fokker, with further details published in the Ransomware Diaries Volume 7 report.
Vasinskyi, who operated under the alias Rabotnik, joined REvil in 2019 after discovering a critical vulnerability in ConnectWise servers. Over time, he grew disillusioned with the group’s activities, particularly following attacks on a Baptist church and a hospital, the latter allegedly resulting in a patient’s death. When he questioned REvil’s leadership about the hospital incident, he was reportedly told the collateral damage served as “good publicity” for their operations.
The hacker described a moral crisis that led him to attempt leaving REvil in 2020, but his exit was thwarted by what he claims was Kremlin-linked coercion. During a trip to Kyiv in early 2021, he was detained at the airport by individuals he believed were connected to Ukrainian law enforcement and Russian intelligence. These figures, whom he referred to as “handlers,” allegedly pressured him to continue working with REvil under threats of imprisonment, torture, and harm to his family.
Vasinskyi asserted that his handlers strategically selected Kaseya as a target due to its widespread software distribution network, which allowed the attack to cascade across thousands of downstream clients. Though he prepared the attack, he refused to execute it personally, instead handing off the payload to REvil.
DiMaggio’s investigation suggests that while some details, like the hospital attack, may have been misattributed to REvil, the broader narrative of state-linked coercion aligns with known tactics of Russian cyber operations. The case underscores the blurred lines between criminal ransomware groups and geopolitical actors, raising critical questions about accountability in cyber warfare.
(Source: InfoSecurity Magazine)