Russia’s Most Wanted Hackers


Russia has earned a notorious reputation in the world of cybercrime and state-sponsored hacking. From elite military intelligence units conducting espionage and disruptive operations to profit-driven ransomware gangs causing billions in global damages, Russian-linked actors dominate many high-profile cyber threats. The FBI’s Cyber Most Wanted list features numerous Russian nationals, with indictments covering election interference, data breaches, destructive malware, and massive financial theft. Due to Russia’s general refusal to extradite its citizens, most remain at large, often residing in Russia or under varying degrees of state protection.

### State-Sponsored Hackers: GRU and Intelligence Operations

Many of the most sophisticated attacks trace back to Russia’s Main Intelligence Directorate (GRU), particularly units like 26165 (Fancy Bear/APT28) and 74455. These groups focus on espionage, influence campaigns, and destructive actions that align with Russian strategic interests.

**Dmitriy Sergeyevich Badin**, a GRU officer, was indicted for his role in the 2016 U.S. presidential election interference. He and colleagues allegedly hacked the Democratic National Committee (DNC) and other targets, stealing documents later released to disrupt the election. Badin has also been linked to hacks on anti-doping agencies (WADA) and Olympic organizations. He is believed to be in Moscow.

**Anatoliy Sergeyevich Kovalev**, another GRU officer from Unit 74455, faces charges related to the same 2016 election hacking as well as broader destructive malware campaigns. These include attacks resembling NotPetya, which caused widespread disruption in Ukraine, Europe, and beyond, plus operations targeting the 2018 Winter Olympics. Other GRU-linked individuals, such as Ivan Sergeyevich Yermakov and members of the same units, appear in multiple indictments for election meddling, infrastructure attacks, and global cyber operations.

Recent examples of GRU activity include **Operation Masquerade** in 2026, where the FBI and Justice Department disrupted a DNS hijacking campaign that compromised routers in over 23 U.S. states and elsewhere. The operation targeted sensitive military, government, and critical infrastructure data, highlighting ongoing efforts by Fancy Bear/APT28 to weaponize everyday network devices.

These state actors typically employ advanced techniques such as spear-phishing, zero-day exploits, and custom malware for long-term access and data exfiltration.

### Criminal Hackers and Ransomware Syndicates

Alongside state operations, Russia hosts a vibrant ecosystem of financially motivated cybercriminals. While some operate independently, overlaps with state interests sometimes occur—such as avoiding Russian targets or receiving selective tolerance.

**Evgeniy Mikhailovich Bogachev** tops many lists as one of the most enduring threats. As the alleged leader of the GameOver Zeus botnet, he orchestrated banking fraud that stole over $100 million. The FBI has offered a $3 million reward—one of the largest for cybercrime—and considers him a major racketeering figure. He remains at large, widely believed to be in Russia.

**Maksim Yakubets**, associated with the Evil Corp group, has been accused of deploying malware like Dridex to steal or extort more than $100 million from victims in over 40 countries. The U.S. government has offered a $5 million reward for information leading to his arrest, and he faces sanctions and indictments.

**Alexsey Belan** (also known as Aleksey Belan) has been indicted multiple times for hacking U.S. e-commerce companies, stealing vast amounts of data, and participating in the massive Yahoo breach alongside FSB officers. He has appeared on the FBI’s Cyber Most Wanted list for years and is subject to an Interpol Red Notice. Previous extradition attempts failed.

**Mikhail Matveev** (online aliases “Wazawaka,” “Boriselcin,” and others) served as a prolific ransomware affiliate linked to groups including Hive, LockBit, Babuk, Conti, and DarkSide. Indicted by the U.S. for attacks on companies and critical infrastructure, he once trolled American authorities publicly. Russian authorities arrested him in late 2024 on domestic charges related to malware creation; he reportedly paid fines, had cryptocurrency seized, and was released on bail with limited freedom.

Other prominent ransomware operations, such as REvil and Conti, have caused enormous economic harm through “big game hunting”—targeting large organizations for multimillion-dollar ransoms. Russia occasionally arrests members when their activities disrupt domestic interests, but the broader criminal ecosystem continues to evolve with new variants and affiliates.

### Patterns and Challenges

A clear divide exists between **state-sponsored** actors (focused on espionage, disruption, and geopolitical goals) and **criminal groups** (driven primarily by profit). However, boundaries can blur, with some criminals enjoying tacit protection as long as they do not target Russian entities.

The U.S. has responded with dozens of indictments, multimillion-dollar bounties (up to $10 million in some cases), and technical disruptions like the 2026 router hijacking takedown. Yet extradition remains nearly impossible, and some suspects live relatively openly in Russia.

A 2025 documentary titled *Russia’s Most Wanted Hackers* examines these figures and groups, including Fancy Bear and Cozy Bear operations against Western targets, elections, and Ukraine. It explores their methods and offers insights into defense strategies.

### Staying Protected

Both state and criminal actors rely heavily on phishing, unpatched software, and weak credentials. Basic defenses—such as enabling multi-factor authentication, keeping systems updated, using strong unique passwords, and maintaining reliable backups—remain highly effective against most threats.

For the latest information, consult the FBI’s official Cyber Most Wanted page, as statuses can shift with new indictments, arrests, or disruptions. The cyber landscape continues to evolve, but the prominence of Russian-linked hackers underscores the persistent global challenge they represent.
