The Russian government's relationship with its cybercriminal ecosystem has transitioned from passive tolerance to active state management, marking a strategic shift. This report, covering 2024–2025, details the "Dark Covenant 3.0," characterized by selective enforcement, choreographed arrests, and direct coordination between criminal leaders and Russian intelligence intermediaries.
Insikt Group found that Russia leverages these criminal groups as geopolitical tools, with detentions and releases often tied to broader diplomatic cycles. The cybercriminal underground is fracturing under the dual pressures of state control and internal mistrust, forcing groups to decentralize operations to evade both domestic and Western surveillance. The state operates a managed market where national interests, not law, determine which actors receive protection.
Link to full report: https://assets.recordedfuture.com/insikt-report-pdfs/2025/cta-ru-2025-1022.pdf
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
Comments