Russian-linked hacking group REvil disappears from dark web after Biden warning
- Web pages and payment portals for the group behind high-profile attacks on JBS and Kaseya have disappeared, but it’s unclear if law enforcement was involved
- The outage comes days after US President Joe Biden warned Russian President Vladimir Putin to act against hackers in his country
It’s not yet known if the sites were down temporarily or if the group – or law enforcement – took its websites offline.
“It’s too early to tell, but I’ve never seen ALL of their infrastructure offline like this,” said Allan Liska, senior threat analyst at cybersecurity firm Recorded Future Inc, in a text message. “I can’t find any of their infrastructure online. Their extortion page is gone, all of their payment portals are offline, as is their chat function.” Liska said the websites went offline around 1am Eastern Time.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect him to act,” Biden told reporters.
Representatives from the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the White House didn’t immediately respond to a request for comment. Kremlin spokesman Dmitry Peskov declined to comment, saying he wasn’t aware of the outage.
On Monday, Peskov said Russia is awaiting detailed information from the US on alleged cyberattacks conducted from Russian territory. “You say that hackers attacked some companies on US territory from the territory of Russia, but at a minimum, you need to give some information about what the basis for those conclusions is,” he said. The White House has said it has shared information about criminal hackers with the Russian government.