Trend Micro today releases a new report offering a rare, in-depth view into the Russian-speaking cybercriminal ecosystem—an interconnected network of actors that has strongly influenced global cybercrime over the last decade.
Key trends shaping the underground economy
The report highlights major trends that have shaped the underground economy as it exists today. These include the long-term effects of the COVID-19 pandemic, the rapid rise and availability of AI and Web3 technologies, and the widespread exposure of biometric data. These findings provide crucial insight for business leaders, law enforcement, and cybersecurity professionals seeking to better protect critical infrastructure, corporate assets, and national security.
A distinct culture among Russian-speaking cybercriminals
The Russian-speaking cybercriminal world stands out for having developed a distinct culture that combines elite technical skill with strict codes of conduct, reputation-based trust systems, and collaborative norms. In many ways, these groups operate using structures and practices that closely resemble legitimate businesses, with roles, hierarchies, and service offerings tailored to criminal markets.
How geopolitics influences cybercrime
“It’s far more than a marketplace—this is a structured society of cybercriminals where status, trust, and technical capability determine who succeeds,” says Vladimir Kropotov, Threat Researcher at Trend Micro and co-author of the report. Geopolitical shifts have rapidly reshaped the cybercriminal landscape. Political conflicts, rising hacktivism, and shifting alliances have changed collaboration patterns and created new ties with other groups, including increased activity and distribution within the EU.
Cybercriminal activities gaining momentum
Beyond mapping how these underground networks are structured, the report examines specific criminal activities that currently have momentum in these environments—such as ransomware-as-a-service (RaaS), phishing campaigns, brute-force attacks targeting user accounts, and services used for intelligence collection. The analysis identifies how these offerings are marketed, monetized, and supported within underground marketplaces.
Read the full report here.