Group-IB CEO remains in prison

The latest executive order from the Italian ACN agency recommends government agencies to replace Group IB solutions with alternatives as a diversification measure.

The latest executive order from the Italian ACN agency advised to replace solutions from Group-IB, a Russian-led cybersecurity firm, on alternatives in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies.

Originally founded in Moscow, the company landed itself into controversy after one of the Group-IB employees Nikita Kislitsin was indicted by the FBI for computer-related crimes – the selling of stolen customer data from major U.S.-based corporations. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official WEB-site. Later, Group-IB CEO Ilya Sachkov was arrested and detained by law enforcement and placed in prison – which has only lead to more questions.

It’s worth considering that previously the company received funding of 5 million rubles from a Moscow-based Skolkovo Foundation which was driven by the Russian Government was used to build a high-tech accelerator and innovation complex for domestic start-ups. Later, the company signed an agreement with ROSTEC, a state-owned Russian corporation that was sanctioned by the U.S. Government. According to numerous interviews of Ilya Sachkov, the company was founded by him, and other Russian nationals – Dmitriy Volkov, Alexander Pisemskiy, and Igor Katkov, who is currently moved to BI.ZONE – a subsidiary of SBERBANK, which was also recently sanctioned by the U.S. Government.

In 2013 Group-IB was licensed by the Russian FSB, required to process state-secret data. The license was issued by the Moscow FSB Department with registration number “ГТ № 0064472” which has now been validated by multiple public sources. According to the Russian business newspaper “Kommersant”, the company is owned by several entities tied to Andrei Romanenko, the former CEO of Qiwi (a Russian payment system) and Kirill Androsov, the former deputy chief of staff for Vladimir Putin – the Russian President. Androsov popped up in the Pandora Papers, and his surname has been previously mentioned in connection to investment funds registered in Singapore – Atlas Asset Management and Lang Capital Fund, and also Altera Capital which is registered in Luxembourg.

After some time had passed working in Russia, Group-IB claimed to have moved its headquarters to Singapore, but continue to work in Russia and have offices in Moscow, St. Petersburg and Innopolis, a new economic area organized by the Russian Government in Tatarstan to encourage business development. On the publication date of this article, insights have been received from multiple sources which state – the new CEO of the company Dmitriy (Aleksandrovich) Volkov who also remains present in the Moscow office, while his colleague is imprisoned in jail. Meanwhile, the company has recovered Sachkov’s SIM card and continues to manage his social media accounts. Just recently, on April 6 2022, Group-IB signed a partnership agreement with Ural Information Security Center (UCSB) with HQ in Ekaterinburg, Russia to create the first MSSP to protect Russian companies from cyber-attacks.

According to the mother of imprisoned Sachkov, the Russian Federation badly needs people like her son. In the recent personal letter addressed to Vladimir Putin, and in the context of current Russian-Ukranian tensions, the former Group-IB CEO is requesting his release from prison, as “his country (Russia) needs him, especially, now”.

Notably, Mr. Androsov, formerly the Deputy Chief of Staff to the Office of Prime Minister Vladimir Putin, and current investor in Group-IB, in a recent publication in Luzerner Zeitung mentioned he formally distances himself from “all warlike events in Ukraine”. Prior to the decision of the Italian Government, the President of Ukraine (Zelensky) ruled to issue sanctions and “to blacklist” Group-IB in the recent executive order.

“We must free ourselves from dependence on Russian technology,”said Franco Gabrielli, the Italian government’s undersecretary who oversees security and cybersecurity, a few weeks after the outbreak of the Russian war in Ukraine. 

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Group-IB)

[adrotate banner=”5″]

[adrotate banner=”13″]