Beyond Defense: New Report Exposes How Russian Cyber Firms Aid the Kremlin’s War

The war in Ukraine has reshaped not only geopolitics but also the digital battlefield. A new report from CNA, “Hacking and Firewalls Under Siege: Russia’s Cyber Industry During the War on Ukraine”, highlights how Russian private cybersecurity firms are deeply entwined with the Kremlin’s cyber operations.

According to the report, “The Russian ‘cyber web’ is complex, shifting, and often opaque, encompassing state-encouraged ‘patriotic hackers,’ independent developers, and state-recruited cybercriminal groups, among many other actors.” While much attention has been focused on the state’s intelligence agencies—the FSB, SVR, and GRU—private firms have become just as critical to Russia’s cyber arsenal.

These firms aren’t merely passive contractors. CNA notes that private companies are supplying both defensive and offensive services, from intrusion detection to exploit development. As the report explains, “Private cyber firms in Russia occupy an important role in this ecosystem… supporting defensive operations, supplying defensive technologies, providing defense-oriented threat intelligence, identifying vulnerabilities for offensive operations, [and] assisting with offensive operations.”

The report dives into three firms—Kaspersky, Security Code, and Positive Technologies—to illustrate the spectrum of cooperation between the Kremlin and private industry.

• Kaspersky: Once a globally trusted antivirus company, Kaspersky has been repeatedly accused of quietly aiding Russian intelligence. CNA highlights how it was “sanctioned by the United States, banned from federal government systems, and identified by Germany, Poland, and others as a potential national security threat.” Despite this, the company has thrived outside the West, opening “transparency centers” and expanding into Latin America and Asia.
• Security Code: Unlike Kaspersky, Security Code operates primarily within Russia, providing cryptographic solutions, secure firewalls, and training programs. The report reveals that “most of its clients are those protecting ‘critical information infrastructure,’ a Russian legal term for entities handling information systems, networks, and technologies that are critical to the state’s security.” This defensive focus has insulated the company from Western media scrutiny but cemented its role in Russia’s wartime resilience.
• Positive Technologies: Perhaps the most concerning, Positive Technologies has been directly linked to Russian intelligence operations. CNA states that it “supports offensive operations, reportedly by reverse engineering Western capabilities and turning vulnerabilities into exploits.” Its annual hacking conference has also become a recruitment ground for the FSB and GRU, drawing tens of thousands of participants and boosting Russia’s cyber talent pipeline.

The Kremlin’s reliance on private companies provides plausible deniability. As the report notes, “The Kremlin benefits from having a wide group of cyber actors to draw upon. Such actors offer the Kremlin deniability (even if implausible) for operations, the ability to locate their own technical operations and infrastructure outside of state hands, [and] a wide talent base.” This blurring of lines between state and non-state actors makes attribution difficult and responses more complicated for the West.

The report concludes with a warning for policymakers and defenders: Russian private firms are not just victims of sanctions or collateral players in the conflict. Some are “directly supporting the Russian government’s offensive cyber operations, making them direct security risks for the United States and the West.” Others, by shoring up Russia’s defensive posture, extend the longevity of its cyber campaigns.

CNA suggests three critical questions for the future:

1. How can companies better identify Russian providers in supply chains and determine whether they present risks?
2. In which regions and markets are Russian cyber firms expanding the most, and what can their sales pitches and successes teach the United States and the West?
3. What would a more analytically robust, comprehensive assessment of possible Russian private company support for the Kremlin look like?

Related Posts:

• ASUS Joins the Ranks of CVE Numbering Authorities
• Vulnerability Overload: 40,000+ CVEs in 2024
• Web of Deceit: Unmasking the Hidden Threat of Stockpiled Domains
• Patch Alert: RetSpill Vulnerability Opens Backdoor in Millions of Linux Machines

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.