Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals.
The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a “Confidential Human Source (CHS)” in order to comply with her request for anonymity.
“I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.
According to SANS: “ Unlike what many might assume, interactions within these illicit circles often go beyond online exchanges and extend into in-person meetings.”
SANS also makes it clear that many Russian-speaking cybercriminals such as CHS may not always be Russian. Just as during the Cold War when most Westerners thought of all countries in the former USSR as simply “Russia”, many modern observers in the West remain similarly confused.
Women hackers come from across the former Soviet Union
“Many cybercriminals involved in Russian-speaking cybercrime are not Russian nationals; they often originate from the Commonwealth of Independent States (CIS) and the broader set of former Soviet Union countries, hold different citizenships or dual citizenships, and/or reside outside of Russia. There are 15 former Soviet Union countries, including Armenia, Azerbaijan, Belarus, Estonia, Georgia, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan, “ says SANS.
CHS herself comes from a former Soviet Union country and says that the collapse of the Soviet Union drastically altered her family’s fortunes, leaving them in poverty almost overnight, like many others in that period.
“This drastic shift in our financial situation left a deep impression on me, and from a young age, I started thinking about how to earn money to escape this situation. My skills in computers, math, and the IT degree I eventually earned formed the basis of my decision to pursue cybercrime,” said CHS.
Over time, she told SANS that she fully mastered the mechanics of bank payments within the networks she hacked and engaged in hacking financial institutions, facilitating millions of dollars in transfers. Concurrently, she sold credit card dumps and plastic cards containing this stolen data, eventually enabling her to expand into hacking federal agencies. She found additional ways to profit, such as selling unpublished press releases for insider trading and blueprints from jet propulsion laboratories.
No cause for celebration in the West
But the success of women like CHS in breaking the glass ceiling of the male-dominated world of Russian-speaking cybercrime should be no cause for celebration in the West, as the line between cybercrime and cyber-espionage is becoming increasingly blurred. SANS also quotes the example of Yuliya Vladimirovna Pankratova, a member of the Cyber Army of Russia Reborn (CARR), who was sanctioned on July 19, 2024. Pankratova was identified as the group’s spokesperson, overseeing its operations in multiple breaches, including the compromise of industrial control systems (ICS) belonging to water utilities in towns across the U.S. An attack on the water tanks in Texas was accompanied by informational support via the group’s Telegram channel, which serves as their primary communication platform. On January 18, 2024, the Cyber Army of Russia posted a video showing actors inside a compromised network.
The video began with a woman’s robotic voice saying in Russian, “Hi everyone, today we have US infrastructure facilities, particularly water supply systems. Enjoy the video.” According to SANS, Pankratova is responsible for public relations and managing the group’s Telegram channel and is believed to be the one crafting these messages. The voice used in the video of the attack on Texas’ water tank is also thought to be hers.
