U.S. adversaries increasingly turning to cybercriminals and their malware for help | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"U.S. adversaries increasingly turning to cybercriminals and their malware for help\"> <meta property=\"og:description\" content=\"A Google Threat Intelligence Group report notes that Russia in particular has been doing this since the Ukraine war began.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-12T00:01:00+00:00\"> <meta property=\"article:modified_time\" content=\"2025-02-11T22:23:42+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1120\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1739308213g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=5e4722b3d0055288d011\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83470\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83470\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fu-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fu-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83470 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.462818003914\">\n<div class=\"single-article__header-content\" readability=\"34.208955223881\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> A Google Threat Intelligence Group report notes that Russia in particular has been doing this since the Ukraine war began. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83470\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"373\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help.jpg?resize=640%2C373&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=300,175 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=768,448 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=1024,597 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=1536,896 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=600,350 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=288,168 288w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=578,337 578w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=1157,675 1157w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-2.jpg?resize=1445,843 1445w\" sizes=\"(max-width: 1157px) 100vw, 1157px\"><figcaption> Flags of Russia, North Korea, China and Iran together on textured wall; iStock\/Getty Images Plus, Ruma Aktar <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"37.692810457516\"><body readability=\"77.650575566283\"><\/p>\n<p>Governments of the United States\u2019 chief adversaries in cyberspace, especially Russia, have increasingly been relying on cybercriminals and their tools to advance their goals, according to a Google report published Tuesday.<\/p>\n<p>There\u2019s long been overlap between government and criminal cyber operators, but governments are now enjoying the benefits of collaboration and borrowing more \u2014 both for the general boons they can provide, but also in response to some specific conditions, the Google Threat Intelligence Group report concludes.<\/p>\n<p>\u201cGoogle assesses that resource constraints and operational demands have contributed to Russian cyber espionage groups\u2019 increasing use of free or publicly available malware and tooling, including those commonly employed by criminal actors to conduct their operations,\u201d it states.<\/p>\n<p>The war in Ukraine has driven Russia in particular. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>For instance, since the invasion of Ukraine, the Russian military intelligence-sponsored hackers known alternately as APT44, Sandworm and by other names have used cybercriminal malware like Radthief and Warzone, the latter of which was the target of <a href=\"https:\/\/www.justice.gov\/archives\/opa\/pr\/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales\">a U.S. operation<\/a> to seize internet domains used to sell it last year.<\/p>\n<p>But Google has watched similar trends from China, Iran and North Korea. In May of last year, Google saw an Iranian hacking group also using Radthief.<\/p>\n<p>\u201cThe vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,\u201d said Ben Read, senior manager for the group. \u201cThese capabilities can be cheaper and more deniable than those developed directly by a state.\u201d<\/p>\n<p>Sometimes the overlap is more direct. China has used cybercriminal gangs to hide its espionage efforts, for example, Google said. <\/p>\n<p>Other cyber firms, <a href=\"https:\/\/www.trellix.com\/blogs\/research\/blurring-the-lines-how-nation-states-and-cybercriminals-are-becoming-alike\/\">such as Trellix<\/a>, have likewise noticed an increase in the blurriness of the lines between nation-states and criminals. \u201cRecent evidence suggests an unsettling convergence of tactics, techniques, and even objectives, making it challenging to distinguish between them,\u201d Tomer Shloman, a security researcher at the company, wrote last month.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>It all leads to the notion that cybercrime is a threat to national security, not just wallets, according to Google.<\/p>\n<p>\u201cCybercrime has unquestionably become a critical national security threat to countries around the world,\u201d said Sandra Joyce, vice president of Google Threat Intelligence. \u201cThe marketplace at the center of the cybercrime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption.\u201d<\/p>\n<p>You can read <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/cybercrime-multifaceted-national-security-threat\">the full report<\/a> on Google\u2019s website.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. adversaries increasingly turning to cybercriminals and their malware for<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1895,271,282,387,513,647,270,880,768,354],"tags":[1896,277,286,391,517,240,276,881,770,358],"class_list":["post-7290","post","type-post","status-publish","format-standard","hentry","category-apt44","category-china","category-cybercrime","category-google","category-iran","category-north-korea","category-russia","category-sandworm","category-trellix","category-ukraine","tag-apt44","tag-china","tag-cybercrime","tag-google","tag-iran","tag-north-korea","tag-russia","tag-sandworm","tag-trellix","tag-ukraine"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt44\/\" rel=\"category tag\">APT44<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sandworm\/\" rel=\"category tag\">Sandworm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trellix\/\" rel=\"category tag\">Trellix<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ukraine\/\" rel=\"category tag\">Ukraine<\/a>","tag_info":"Ukraine","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7290"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7290\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7290,"date":"2025-02-11T18:01:00","date_gmt":"2025-02-12T00:01:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83470"},"modified":"2025-02-11T18:01:00","modified_gmt":"2025-02-12T00:01:00","slug":"u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/11\/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help\/","title":{"rendered":"U.S. adversaries increasingly turning to cybercriminals and their malware for help"},"content":{"rendered":"