On the evening of September 28, 2021, the FSB rolled up to the offices of Group-IB in marked vehicles and a full-size passenger bus and raided the company’s Moscow offices. Russian media reports that a warrant for the arrest of the CEO, Ilya Sachkov, was executed. Sachkov, the CEO and founder of Group-IB, a cybersecurity firm, is being charged with transferring secret information to foreign intelligence.
Sachkov isn’t just a quiet gent sitting in the corner; he sits on one of the Russian State Duma’s expert committees and is well-recognized within Russian industry as well as the government as an expert on cybercrime. The fall from grace appears to be swift for Sachkov, who in February 2019 received the Kremlin’s “Big Business” award from Russian Federation president, Vladimir Putin.
Those close to the events have speculated that his arrest is directly tied to the cooperation which Group-IB has provided to the United States Department of Justice with respect to various Russian cybercrime investigations.
In 2020, the United States unsealed the indictment of Yevgeniy Nikulin, who went on to be convicted in the U.S. for orchestrating the 2014 compromise of Formspring, LinkedIn and others. At the time, the head of Group-IB’s threat hunting framework, Nikita Kislitsin, was implicated while in his role as editor of Hacker magazine for receiving information from Nikulin. Group-IB, as well as Kislitsin, cooperated with the U.S. investigation, making themselves available for interviews with the FBI in the U.S. embassy in Moscow. During that meeting, according to Radio Free Europe, Kislitsin said he was open to collaboration and wished to mitigate any problems. Of particular note is Kislitsin’s revelation that a “Russian hacker had worked with the Russian Federal Security Service (FSB) to obtain compromising information on unnamed individuals.”
The U.S. nexus closely parallels the rationale for the arrest and conviction of former FSB officer Sergei Mikhailov, who served as deputy of the FSB’s Center for Information Security. Mikhailov was sentenced to 22 years in prison for sharing “classified information” with the FBI. Mikhailov, according to Recorded Future’s report, “Dark Covenant: Connections Between the Russian State and Criminal Actors,” revealed his frustration with the government when he said, “There were still quite a few ‘cold warriors’ in the Kremlin who did not approve of the FSB’s collaboration with the U.S. law enforcement” and he was not at all certain that collaboration would continue. Interestingly, the same report identifies Dmitry Dokuchaev—who was Mikhailov’s supervisor within the FSB (and who was also arrested and sent to prison)—as being subordinate to Kislitsin at Hacker.
Group-IB Cooperation and Collaboration
It stands to reason that Sachkov, who actively takes part in the World Economic Forum’s Centre for Cybersecurity and is a member of the cybercrime expert committees of the Council of Europe and the OSCE, would rise to the defense of Kislitsin and highlight the company’s cooperation against cybercrime with the FBI and Interpol.
It is this cooperation, and perhaps other cases, which present us with a high degree of probability that Sachkov’s willingness to collaborate against cybercrime, including Russian cybercrime, is the reason for his arrest. This is especially true given the political pressure being applied to the Kremlin by the United States and others with regard to reining in Russian cybercrime groups, some of which have a direct connection to the government, as detailed in the Recorded Future research and analysis.
While Sachkov has been processed into Lefortovo court, Group-IB said they are sure their CEO is innocent of any wrongdoing, and during the period of Sachkov’s confinement (through at least November 27) on these charges, CTO Dmitry Volkov would take the reins of the company. Volkov has stated, “We have no access to classified information, no one provides it to us.”
The charges against Sachkov are secret, but the coming months will tell us whether cooperation with U.S. law enforcement carries with it a penalty from the Kremlin, whether Sachkov cut too close to the quick and caused Russian cybercrime to exert influence within the FSB, or whether Sachkov and Group-IB were involved in nefarious activities.