Russia said on Friday that, following a request from Washington, it had dismantled the prominent hacking group REvil, which carried out a high-profile attack last year on US software firm Kaseya.
The announcement came on the same day that Ukrainian government sites were hit by hackers in an attack that Kyiv linked to Moscow, which has amassed tens of thousands of troops on the border.
Russia’s Federal Security Service (FSB) said in a statement that it had “suppressed the illegal activities” of members of the group during raids on 25 addresses that swept up 14 people.
The searches were carried out following an “appeal from the relevant US authorities”.
Cybersecurity was one of the main issues on the agenda of a summit meeting between Russian President Vladimir Putin and US President Joe Biden last June.
In Washington, a US official praised the arrests, saying that one suspect was behind the disruptive hack of the Colonial Pipeline, but separated the issue from tensions over Ukraine.
“I want to be very clear – in our mind, this is not related to what’s happening with Russia and Ukraine,” the official told reporters on condition of anonymity.
“I don’t speak for the Kremlin’s motives, but we’re pleased with these initial actions,” she said.
“We’ve also been very clear — if Russia further invades Ukraine… we will impose a severe cost on Russia in coordination with our allies.”
The FSB said members of the group had “developed malware, organised the embezzlement of funds from the bank accounts of foreign citizens”.
The equivalent of 426 million rubles ($5.5 million or 4.8 million euros) and 20 luxury cars were seized in the operation, the statement added.
During a phone call in July, Biden told Putin to “take action” against ransomware groups operating in Russia, warning that otherwise Washington would take “any necessary actions” to defend Americans.
The unprecedented attack targeting the US software firm Kaseya affected an estimated 1,500 businesses.
The Kaseya attack, which was reported on July 2, shut down a major Swedish supermarket chain and ricocheted around the world, impacting businesses in at least 17 countries, from pharmacies to gas stations, as well as dozens of New Zealand kindergartens.
Shortly after the attack, the “dark web” page of REvil went offline, sparking speculation about whether the move was the result of a government-led action.