On Tuesday, the Department of Justice announced charges against a Russian national who was arrested in the United States while attempting to recruit an employee of an unspecified Nevada company. The FBI identified the man, Egor Igorevich Kriuchkov, as a member of a “larger criminal gang” that planned to use malware to access the company’s network, steal information, and extort a ransom payment from the victim. The employee who was targeted for recruitment reported the attempt, and the FBI had agents surveilling Kriuchkov throughout his time in the United States.

According to the FBI report, the employee involved in the scheme stated that they knew Kriuchkov from prior communications in 2016. During his trip to the US, Kriuchkov took the employee and several others on a trip to Lake Tahoe, where Kriuchkov paid for everything. Kriuchkov privately told the employee that he was part of a group working on “special projects” and that they would pay the employee $500,000 USD to install malware from a USB drive on their employer’s network. The employee negotiated the price up to $1,000,000 with an advance payment of one Bitcoin. Kriuchkov even reassured the employee that his team would distract the company’s security department by launching a DDoS attack to disguise the data theft and could make the attack appear to have come from a different employee.

The employee recognized the immoral and illegal nature of the request and reported the recruitment attempt to the FBI. After this, the employee and Kriuchkov had several more recorded discussions about the scheme, during which it was revealed that the malware they intended to use was specifically written for the employee’s company and that several other companies had been similarly targeted. The FBI eventually contacted Kriuchkov by phone, which led him to immediately attempt to leave the US, only to be arrested the following day in Los Angeles.