Financial Perspective Thought Experiment on Russian Cyber Threat Actors

Due to the advancement of information and communication technology and related services, the digital world has reached many people, private companies, and governments, and meanwhile, threat actors regarding motivation, knowledge, and capabilities have also evolved, and thus, today, they compete and collaborate with others. Financially motivated threat actors also do businesses; as such, with a higher sophistication level, they create tools and provide them as Malware as a Service (MaaS) for renting, and if they can extract accounts, they launder those amounts of cash through hardly traceable channels. In contrast, state-sponsored threat actors act according to the government’s political and military needs. The Russian government lets independent threat actors freely conduct various cyberattacks, including cyber espionage, sabotage, and ransomware attacks on non-Russian geolocations and entities, meanwhile financing its threat actors to achieve social and political activities. As such, providing a thought experiment, the paper examines the potential income of a for-profit organization, the related tax income, and the costs of operating a government-related threat actor. To conduct the analysis, it provides a methodological approach and applies that to TA542 and APT28 threat actors, using inputs from open-source intelligence.