Menu
Browse

Cyber Threat Actor: Russian Cyber-Criminals

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
Russia
1 incident
Profile

The threat actor ispublicly referenced under the aliases Russian Cyber‑Criminellers, Russian Cyber‑Criminals and the German‑language term russische Cyber‑Kriminelle. Open‑source reporting identifies the group’s base of operations as residing within the Russian Federation. The actor is described in available sources as a collection of cyber‑criminals rather than a state‑sponsored unit, and no public attribution links them to a specific intelligence service or organized crime syndicate.

On 2 November 2023 the actor carried out an intrusion against the corporate network of the KaDeWe Group, a German operator of luxury department stores that includes the Berlin KaDeWe, the Hamburg Alsterhaus and the Munich Oberpollinger locations. According to the company’s statement, the attack began during the night of the preceding Thursday to Friday and was spotted by the organization’s security and warning systems, which enabled an early‑stage blockade and limited the impact. As a precaution the KaDeWe Group shifted its IT infrastructure to an offline emergency mode, later restoring services with only minor operational disruptions. Investigators reported that no customer payment data, account information or passwords were accessed by the attackers, and the firm notified affected customers while filing a police report and maintaining contact with the Berlin Police Cyber Crime Unit. The company’s chief executive, Michael Peterseim, communicated the incident to customers in a round‑mail, emphasizing that the attackers had no access to personal payment or account data and promising swift notification should any impact be identified.

The KaDeWe incident remains the only publicly documented operation attributed to this actor, and no additional campaigns, malware families, initial‑access vectors or tooling details have been disclosed in the sources consulted. Consequently, any description of the actor’s typical targets, geographic focus or strategic objectives must be limited to the observed retail‑sector intrusion in Germany. The available information confirms the actor’s Russian origin and criminal motivation but does not provide further insight into its size, sophistication, affiliations or future intentions.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
2 sources