From Cybercrime Saul Goodman to the Russian GRU – Krebs on Security

By neub9

In 2021, the Russian cybercrime forum Mazafaka was hacked, revealing shocking information about one of the forum’s founders. The leaked user database exposed the fact that this individual served as a special forces officer in the GRU, the foreign military intelligence agency of the Russian Federation, and also provided legal advice to top Russian hackers. Mazafaka, which began in 2001 with the tagline “Network terrorism,” grew to become one of the most secretive Russian-language cybercrime communities, boasting a “Who’s Who” of top Russian cybercriminals.

Initial investigation of the leaked database revealed that Djamix, a highly active and well-respected contributor to the forum from its inception until around 2008, was one of its most influential users. Djamix, who boasted to forum members about being a licensed attorney, provided detailed legal analyses of various public cases involving hackers who were arrested and charged with cybercrimes in Russia and abroad.

Upon further investigation, it was found that Djamix had registered at least 10 domain names since 2008, several of them for websites about Sochi, Russia, and a coastal town called Adler. Aleksei Safronov, a resident of Sochi, was found to be connected to the domains through a phone number and Facebook account. Additionally, domain ownership records and a variety of other sources linked Safronov to a forum dedicated to helping applicants prepare for a career in the Guardia Civil, one of Spain’s national police forces, suggesting a connection to Spanish intelligence activities.

Interestingly, Safronov’s Facebook profile features numerous photos of him dressed in military fatigues alongside a regiment of soldiers in remote areas of Russia. These images clearly show a patch on the arm of Safronov’s jacket bearing the logo of the Spetsnaz GRU, a special forces unit of the Russian military. The Congressional Research Service has linked the GRU to some of Russia’s most aggressive intelligence operations, which has led to strong suspicion regarding Safronov’s involvement with or connection to Russian intelligence services.

Mark Rasch, a former cybercrime prosecutor for the U.S. Department of Justice, has drawn attention to the close relationship between the Russian hacker community and the GRU, stating that individuals like Safronov are valuable to intelligence services. It’s speculated that Safronov could have been infiltrating the community to monitor it for the GRU, or he could simply be a member of the armed forces. However, his extensive influence and credentials suggest a deeper involvement in Russian intelligence activities.
