The official page of the Government of the United States Rewards for Justice has published a statement in which it assures that it will give a reward of up to 10 million dollars “for information that leads to the identification or location of any person who, while acting under the direction or control of a foreign government, engages in malicious cyber activity against U.S. critical infrastructure, in violation of the Computer Fraud and Abuse Act (CFAA).”
Violations of this statute include “the transmission of extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; or knowingly causing the transmission of a program, data, code, or command and, as a result of such conduct, intentionally causing unauthorized damage to a protected computer.”
According to this organization, protected computers include “not only the computer systems of the US Government and financial institutions, but also those that are used or affect interstate or foreign commerce or communications.”
“In keeping with how seriously we view these cyber threats, Rewards for Justice has established a Dark Web (Tor-based) tip reporting hotline to protect the safety of potential sources. Potential relocation payments and cryptocurrency rewards may be available to eligible sources,” the statement reads.
It adds: “Anyone with information about foreign malicious cyber activity against US critical infrastructure should contact Rewards for Justice through our Tor-based tip reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion.” Although it does not quote it directly, this government body would be referring to possible attacks from Russia, after the war started by Putin’s country against Ukraine.
About half of cybercriminal groups are state-backed
According to a report by the security companies Thales and Verint, about half of the cyberbad gangs are backed by the state (49%). Its objectives are sensitive data, mainly defense data, or breaking into fundamental entities for the development of daily life, such as critical infrastructures (health, financial or supply networks).
Of the rest, 26% are activists who aim to influence political and social processes and another 20% are ‘hackers’ who scour the Internet in search of money.
This same report points out that the first group, the one that causes the most concern in times of crisis like the one we are experiencing now with the war between Russia and Ukraine, does not even need to develop its own malware, but instead uses malware created and shared by others.