Russian Authorities Take Down the Hackers That Stole Apple’s Blueprints

[Image: hacker police takedown. Credit: Gorodenkoff / Shutterstock]

The hacking group that tried to extort a hefty ransom fee out of Apple over stolen MacBook Pro blueprints last spring has just been taken down by Russian authorities, acting on a request from U.S. law enforcement.

REvil, which is short for “Ransomware Evil,” is believed to have been behind a number of high-profile ransomware attacks over the past year that go well beyond technology companies like Apple. Other targets have included Colonial Pipeline, JBS Foods, and Kaseya.

Compared to targets like those, Apple may seem like relatively small potatoes, but to groups like REvil it’s not the nature of the quarry that matters, but rather how much money they think they can extract from it. In that respect, the world’s most valuable company makes a pretty attractive target.

Technically speaking, REvil originally stole the schematics from Quanta, demanding its $50 million ransom from there. When Quanta failed to pay up, however, it presumably figured it might have an easier time getting $50 million out of a company that has over $200 billion sitting in the bank.

Of course, paying out in situations like these is never a good idea, and no matter how much of a trifle $50 million may be to a company the size of Apple, it’s fair to say that it wouldn’t have capitulated even if REvil were only asking for one dollar.

To prove it was serious, REvil released 21 screenshots showing schematics for unreleased Apple products only hours before Apple’s Spring Loaded event, spoiling at least a few of its surprises, including its colourful new M1 iMacs. The schematics also revealed details about the 14-inch and 16-inch MacBook Pro lineup that would come later that year, although they mostly confirmed rumours we’d already been hearing for a while.

Only a week later, however, all trace of the schematics mysteriously vanished, despite the group’s threat to continue releasing schematics daily. Not only did the group go quiet, but they actually removed all references related to the ransomware attack from their dark web blog.

We still don’t know what happened, but it seems that, for whatever reason, the group decided to go to ground, perhaps to evade law enforcement officials who may have been closing in. There’s also evidence that it’s been fraught with internal strife, which isn’t surprising, as there likely isn’t much honour among thieves.

Russian Authorities Move In

As an organized crime ring, it seems that REvil had likely already failed in late 2021, after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen who was linked to the gang over the attack on Kaseya. Europol also arrested several other members of REvil in the weeks that followed, and U.S. officials announced a $10 million reward for information that could lead to the identification or the location of anyone holding a key position in the REvil group.

After all that, it’s fair to say that those who hadn’t yet been caught were keeping a low profile, but it obviously wasn’t low enough, as the Russian Federation’s Federal Security Service (FSB) appears to have picked up many of the remaining ringleaders.

According to an FSB press release, law enforcement officials raided the homes of 14 members of the group, seizing various forms of currency collectively worth nearly $7 million, including cryptocurrency, plus computer equipment and crypto wallets used to commit crimes. They also seized 20 premium cars that were purchased with funds obtained by criminal means.

This latest operation marks the end of REvil, says the FSB, which notes that it’s been able to piece together “the full composition of the criminal association,” and the scope of its illegal activities.

“As a result of joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal association ceased to exist, the information infrastructure used for criminal purposes has been neutralized.” (Russian Federal Security Service)

The REN TV channel also aired footage of agents raiding homes and arresting people, and seizing piles of dollars and Russian rubles. Those arrested have been charged under the Criminal Code of Russia and could each face up to seven years in prison.

Sources speaking with the Russian news agency Interfax say that despite the FSB’s cooperation with the U.S., it does not plan to hand over REvil members who have Russian citizenship to the United States. This is a matter of “the Basic Law of the Russian Federation,” which prohibits the extradition of Russian citizens to a foreign state. This wouldn’t apply to those members of REvil who are not Russians, although the FSB hasn’t disclosed whether that’s the case with everyone who has been arrested, and in fact they haven’t yet disclosed the identities of any members of the group.
