ArchiveOODA Original

The Five Most Dangerous Criminal Organizations Acting As Proxies for the Russian State

The December 2016 “Grizzly Steppe” joint analysis report issued by the FBI and DHS provided a table of monikers attributable to various Russian cybercriminal organizations serving the state’s intelligence services. However, understanding what these names refer to is a challenge in and of itself. As noted by Florian Roth in a 2018 Medium article, similarities in names do not necessarily indicate a shared meaning, but are more likely attributable to a cybersecurity firm’s naming scheme. Names may also be derived from the malware or operations the group is associated with. Given the secretive and dynamic nature of illicit groups, cybersecurity firms may disagree about what terms can be treated as describing a single entity. Cyber criminal organizations may share malware. They may merge into larger groups and seceded from them.  Coining their own terminology therefore enables cybersecurity firms to avoid being bound to other firms’ determinations regarding a threat group–and avoids acknowledging business rivals as definitive authorities on the subject.

Want more insight?

This content is restricted to OODA Network members only. Members get access to all site content plus access to exclusive reports and events. Please consider becoming a member. For more information please click here. Thanks!

Already a member?  Sign in to your account.

Tyler Robinson

Tyler Robinson

Tyler Robinson is an OODA analyst currently based in Colorado Springs, Colorado. He holds an undergraduate degree in International Relations and a Master of Letters in International Security Studies from the University of St Andrews. His research interests include political psychology, deniable actors, gray area phenomena, and privatized security.