The Russian government is working on changes to its criminal code that would legalise hacking in the Federation, but only if it’s being done in the service of Russian interests.
The exemption would be granted to hackers located in Russia and abroad. It’s commonly known among malicious actors that they can act with impunity if they don’t attack or disrupt Russian interests. Why could Russia publicly allow threat actors to launch criminal cyberattacks?
Russia, already giving threat actors a pass, could adopt such a law to distract the U.S. government from supporting Ukraine. Additionally, attacks on Western organisations only support Russian economic interests.
The exception would also give pro-Kremlin hacktivists legal freedom to launch cyberattacks. It would likely apply to pro-Russian hacktivist groups, such as KillNet, CyberArmyRussia, XakNet, NoName057(16), Anonymous Russia, etc.
Pro-Russian hacktivists are targeting Ukraine and Western countries as a response to the sanctions imposed on Russia and other support provided by the U.S. and its allies, with most of the activity consisting of Distributed Denial-of-Service (DDoS) attacks.
Since 2022, pro-Russian hacktivists have become a constant threat to government institutions. The government sector was the most frequently targeted among all publicly known attacks. Other frequent victims are healthcare providers, aviation and transportation, media and telecommunications, energy and resources, and the financial sector.
Among the most targeted countries, Ukraine experienced the heaviest cyberattacks. Other countries frequently targeted included the U.S., Poland, Germany, Lithuania, Latvia, Estonia, the Czech Republic, the United Kingdom, Romania, France and Italy.
