Security

Group-IB CEO remains in prison

The latest executive order from the Italian ACN agency recommends government agencies to replace Group IB solutions with alternatives as a diversification measure.

The latest executive order from the Italian ACN agency advised to replace solutions from Group-IB, a Russian-led cybersecurity firm, on alternatives in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies.

Originally founded in Moscow, the company landed itself into controversy after one of the Group-IB employees Nikita Kislitsin was indicted by the FBI for computer-related crimes – the selling of stolen customer data from major U.S.-based corporations. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official WEB-site. Later, Group-IB CEO Ilya Sachkov was arrested and detained by law enforcement and placed in prison – which has only lead to more questions.

It’s worth considering that previously the company received funding of 5 million rubles from a Moscow-based Skolkovo Foundation which was driven by the Russian Government was used to build a high-tech accelerator and innovation complex for domestic start-ups. Later, the company signed an agreement with ROSTEC, a state-owned Russian corporation that was sanctioned by the U.S. Government. According to numerous interviews of Ilya Sachkov, the company was founded by him, and other Russian nationals – Dmitriy Volkov, Alexander Pisemskiy, and Igor Katkov, who is currently moved to BI.ZONE – a subsidiary of SBERBANK, which was also recently sanctioned by the U.S. Government.

In 2013 Group-IB was licensed by the Russian FSB, required to process state-secret data. The license was issued by the Moscow FSB Department with registration number “ГТ № 0064472” which has now been validated by multiple public sources. According to the Russian business newspaper “Kommersant”, the company is owned by several entities tied to Andrei Romanenko, the former CEO of Qiwi (a Russian payment system) and Kirill Androsov, the former deputy chief of staff for Vladimir Putin – the Russian President. Androsov popped up in the Pandora Papers, and his surname has been previously mentioned in connection to investment funds registered in Singapore – Atlas Asset Management and Lang Capital Fund, and also Altera Capital which is registered in Luxembourg.

After some time had passed working in Russia, Group-IB claimed to have moved its headquarters to Singapore, but continue to work in Russia and have offices in Moscow, St. Petersburg and Innopolis, a new economic area organized by the Russian Government in Tatarstan to encourage business development. On the publication date of this article, insights have been received from multiple sources which state – the new CEO of the company Dmitriy (Aleksandrovich) Volkov who also remains present in the Moscow office, while his colleague is imprisoned in jail. Meanwhile, the company has recovered Sachkov’s SIM card and continues to manage his social media accounts. Just recently, on April 6 2022, Group-IB signed a partnership agreement with Ural Information Security Center (UCSB) with HQ in Ekaterinburg, Russia to create the first MSSP to protect Russian companies from cyber-attacks.

According to the mother of imprisoned Sachkov, the Russian Federation badly needs people like her son. In the recent personal letter addressed to Vladimir Putin, and in the context of current Russian-Ukranian tensions, the former Group-IB CEO is requesting his release from prison, as “his country (Russia) needs him, especially, now”.

Notably, Mr. Androsov, formerly the Deputy Chief of Staff to the Office of Prime Minister Vladimir Putin, and current investor in Group-IB, in a recent publication in Luzerner Zeitung mentioned he formally distances himself from “all warlike events in Ukraine”. Prior to the decision of the Italian Government, the President of Ukraine (Zelensky) ruled to issue sanctions and “to blacklist” Group-IB in the recent executive order.

“We must free ourselves from dependence on Russian technology,”said Franco Gabrielli, the Italian government’s undersecretary who oversees security and cybersecurity, a few weeks after the outbreak of the Russian war in Ukraine. 

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Group-IB)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

3 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

7 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

21 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.