REvil Case Investigation Stalls After US Ends Cooperation

According to a report by Kommersant, the criminal investigation into alleged members of the REvil hacker group, who were detained by the FSB following a tip from US intelligence agencies, has come to a standstill. The main reason is that American authorities have withdrawn from further cooperation with Russia, leaving prosecutors able to charge the suspects only with bank card fraud involving two Mexican nationals living in the US. Lawyers for the accused plan to use this development to seek their clients’ release.

Background on the REvil Group Arrests

The REvil hacker group ceased operations in January 2022 after the FSB announced the arrest of 14 individuals connected to the group. Searches were conducted at 25 locations in Moscow, St. Petersburg, and the Leningrad and Lipetsk regions. The FSB stated that the operation was initiated following a request from US authorities.

The Tverskoy District Court in Moscow ordered eight of the alleged group members to be held in custody. They were charged with acquiring and possessing electronic means intended for illegal money transfers as part of an organized group (Part 2, Article 187 of the Russian Criminal Code), which carries a penalty of up to seven years in prison.

Breakdown in International Cooperation

Journalists report that the defense team for one of the accused, Dmitry Korotaev, appealed to Oleg Khramov, Deputy Secretary of Russia’s Security Council. About a month ago, Khramov told Rossiyskaya Gazeta that the investigation had effectively stalled due to the actions of former US Security Council partners. After a series of phone calls between the Russian and US presidents in summer 2021, a joint working group on cybersecurity was formed. The US side requested the immediate arrest of the “main hacker,” St. Petersburg restaurateur Daniil Puzyrevsky. Russian authorities conducted their own investigation and, in January 2022, detained the entire group, including Puzyrevsky.

According to Khramov, Russia fulfilled its part of the agreement, but the US never provided the promised additional evidence linking the suspects to the crimes, nor did they confirm any damages from extortion. “Moreover, they notified us that they were unilaterally withdrawing from the negotiations and closing the communication channel,” Khramov said.

Current Status of the Case

Igor Vagin, head of Legal Consultation No. 185 of the Inter-Republican Bar Association, noted that despite the FSB’s earlier statements about dismantling the international “REvil hacker criminal organization,” the Investigative Department of the Ministry of Internal Affairs has only managed to charge eight suspects with illegal acquisition, possession, and use of electronic means for unauthorized money transfers (Part 2, Article 287 of the Russian Criminal Code).

According to expert findings from the United Credit Card Company, the victims were two US citizens, presumably of Mexican descent. Investigators allege that the accused remotely stole money from their cards and used it to buy goods from US online stores via the Mail Order – Telephone Order system. However, the defense points out that investigators have neither identified the victims nor established the amount of damage, making it unlikely they will be found now.

Legal and Procedural Challenges

Vagin and his colleague, Evgeny Krylov from the Alliance Law Agency, told the Security Council representative that the group’s alleged criminal activity within Russia was never discussed, and the REvil criminal case still has no identified victims or specified damages. Due to this lack of information, the investigation has essentially stalled. Krylov explained that Dmitry Korotaev has not been questioned once during his four months in pre-trial detention.

Vagin believes that submitting the case to court without victims or proven damages is pointless. For the same reason, authorities are unlikely to succeed in confiscating the accused’s assets, which include $600,000, €500,000, 20 luxury cars, and bitcoins worth 426 million rubles.

Vagin suggests that a plea deal with the Prosecutor General’s Office would be a reasonable solution, but the Security Council declined to comment on the lawyers’ appeal, only stating that the cybersecurity working group includes representatives from the Prosecutor General’s Office, the Investigative Committee, the FSB, the Ministry of Internal Affairs, and other agencies.