Editorial Note - Whoami And Why This Blog?

Hello World! I am a French CTI and cybercrime analyst working at OWN. I decided to create this blog to share some of my work and findings about the Russian-language cybercriminal ecosystem. I speak French and Russian fluently; I have a rather decent command of English (although I am not yet Shakespeare) and a good comprehension of Ukrainian. I am passionate about open-source investigations and cybersecurity. My work is very demanding and free time is scarce, therefore I will do my best to deliver everything that I have planned for this blog, but as you can understand, it is an obligation of means rather than an obligation of results.

The aim for me with this blog is to entice people to learn – and, of course, continue to learn myself – about the cybercriminal world that mostly appeared from countries that formerly composed the Soviet Union. Demystifying how this ecosystem works and how the individuals involved in it interact will be one of my main objectives. Indeed, mainstream media are sometimes very caricatural in their descriptions of “Russian hackers” and often categorize Russian-speaking individuals as a part of a unique group. You can frequently read as well about these cybercriminals’ incredible capabilities and almost mystical powers. The reality is, of course, far more complicated, nuanced, but nevertheless much more interesting.

While I will often use very provocative and satirical pictures to illustrate my articles and decorate this blog (you can blame generative AI for this :p), the text itself will be as accurate and intellectually honest as possible. I do not want to make sensationalist revelations or bold assertions if I cannot back them up; my goal is to talk about facts and analyze them with rigor and coldness. If I do not know or if I am unsure about something, I will tell you! Maybe you will see some blind spots in my analysis and will be able to do your own research or complement mine...

During the upcoming year, I would like to write about several topics that will create the foundations for future publications. First, I wish to offer the reader a clear definition of what a Russian-speaking cybercriminal is and what the most popular illicit crafts are in this part of the Web. Then, I wish to invite the reader to an excursion into the Russian-language cybercriminal forums, which, in my opinion, compose to this day the core component of the cybercriminal ecosystem, although Telegram and marketplaces are also important elements. In fact, Telegram is more and more used by Russian-speaking cybercriminals and is, for some of them, an important complement to forums, which is why I could write about this social network too. Eventually, I would like to analyse the key services that exist in the Russian-language underground and that facilitate cybercrime.

It is necessary to add some information about what this blog will not be about, at least in the foreseeable future. Topics related to State-sponsored advanced persistent threats (APT) will not be covered as they are an absolutely different topic and should not be confused with cybercrime. As an example, several ransomware groups can be labeled as APTs because they have existed for a while and are well organized; nevertheless their means and capabilities are hardly comparable with State-sponsored groups. This is why I will certainly write about ransomware gangs created by Russian-speaking threat actors, but not about State-sponsored entities and their activities.

Thank you for staying with me until this point! I hope you will enjoy this adventure as much as I already do!



