“Just the Tip of the Iceberg”: How Russian Neo-Nazis Steal Cryptocurrency From Donation Sites

A Russian neo-Nazi paramilitary group is funded with stolen cryptocurrency. The criminal web includes Ukrainian donation sites, drugs and malware.

A financial investigator accidentally stumbled upon the dubious activities of a neo-Nazi group in Russia. The pro-Western exile newspaper Meduza reported on his findings:

In July 2022, Artem Irgebaev downloads a shooting game from a torrent site: «Synthetic: Legion Rising». After the torrent file finishes downloading, he notices “unhealthy behavior”. Anyone who has ever caught a virus on such sites knows the symptoms: computing power maxed out, unknown programs running in the background, and so on.

Artem and his friends, who also got the game, notice something is wrong: “We immediately turned off the internet and started looking for the malware.” Upon closer inspection, he sees “cryptowallet addresses wrapped in code”. So the case is clear: his PC was infected with so-called “clipboard malware”.

What is clipboard malware?
If you want to transfer crypto to someone, you need their address. This is a string of characters (of different length depending on the blockchain). Since it’s tedious to type out the at least 25 characters by hand, it makes sense to copy and paste the address. The clipboard malware replaces the copied address on the clipboard with its own before it is pasted. As a result, the transfer no longer goes to the intended recipient, but to the creator of the malware.

In addition to this rather difficult-to-detect malware, there is a second one hidden in the game file: a crypto-mining program. The victim’s computer “mines” cryptocurrencies (consuming computing power and electricity in the process) and sends them to a wallet. Nothing unusual, Irgebaev tells Meduza.

Militant neo-Nazis at work

Out of curiosity, Artem googles the addresses to see who they belong to:

“I immediately found several Telegram messages from Z channels [i.e. pro-Russian channels] collecting donations for uniforms and equipment for the neo-Nazi group Rusich. […] Earlier I thought that the Russian hackers were mainly focused on influencing the US elections; in fact, they use the money from this clipboard malware to buy body armor.”

Rusich is one of the neo-Nazi paramilitary groups fighting alongside the Russian army in Ukraine. However, as they are not formally part of the military, such units must self-fund their equipment and medical care. The perfect solution for this: cryptocurrencies.

According to Rusich, the money transferred to these wallets is actually used for equipment and supplies; in a Telegram post, the group even published a list of necessary materials. As of September 2022, five of the Rusich wallets are on a US sanctions list.

Of mercenaries and hackers

One of the wallet addresses also appears on the website of the Ukrainian charity Happy New Life. Anyone who wishes can provide financial support to the Ukrainian armed forces and refugees there, including with crypto payments. The foundation was established in June 2022 in Dnipro and originated from a local volunteer movement. Why then do the foundation’s donations go to Rusich?

The founder of the foundation, Daniel Ovcharenko, does not know how the Rusich address ended up on his website. He tells Meduza that the address of the foundation’s wallet should actually be there:

“I got the foundation wallet from MetaMask [a software that creates wallets] – and it is very different [from Rusich’s address], except for the first three characters, which are the same.”

He admits that he himself had almost no input on the website and that it was created ‘quickly and cheaply’.

Fast and cheap often means poor security. So for financial detective Irgebaev it is clear: Rusich hacked the site and swapped the addresses:

“Scammers on the internet do this all the time. And Rusich is a group with far-reaching talents – they have mercenaries and hackers.”

The Happy New Life site is now in maintenance mode. The linked Rusich wallet is still in use, currently holding over 7000 francs in Ethereum (at the current exchange rate).
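Both the clipboard swap and the replaced donation address come down to an address that is never compared in full against a known-good one. The following sketch of that check is an added example, not taken from the article or from any party it names; the addresses and page snippet are constructed and the function names are hypothetical.

```python
import re

# Ethereum-style address: "0x" followed by 40 hex characters.
ETH_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def classify(expected: str, seen: str, lookalike_min: int = 3) -> str:
    """Compare a displayed or pasted address with the known-good one in full."""
    e, s = expected.lower()[2:], seen.lower()[2:]  # drop "0x", ignore case
    if e == s:
        return "match"
    # Matching edges are all a quick glance checks, so report them separately.
    head = shared_prefix_len(e, s)
    tail = shared_prefix_len(e[::-1], s[::-1])
    return "lookalike" if max(head, tail) >= lookalike_min else "mismatch"

def audit_page(html: str, known_good: list[str]) -> list[tuple[str, str]]:
    """Return (address, verdict) for every address on the page that is not known-good."""
    findings = []
    for addr in sorted(set(ETH_ADDRESS.findall(html))):
        verdicts = [classify(good, addr) for good in known_good]
        if "match" in verdicts:
            continue
        findings.append((addr, "lookalike" if "lookalike" in verdicts else "mismatch"))
    return findings

# Constructed sample data: these addresses belong to no one named in the article.
FOUNDATION_WALLET = "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d"
LOOKALIKE = "0x1a2f" + "0" * 32 + "beef"  # shares only the first three hex characters
SAMPLE_PAGE = (
    f"<p>Donate ETH: {LOOKALIKE}</p>\n"
    f"<p>Backup wallet: 0x{FOUNDATION_WALLET[2:].upper()}</p>\n"
)

if __name__ == "__main__":
    for addr, verdict in audit_page(SAMPLE_PAGE, [FOUNDATION_WALLET]):
        print(verdict, addr)
```

Run on a schedule against the live page, the same check tells a site operator when a published address has stopped matching the wallet they control.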

Connections to online drug trafficking

Back to Artem’s PC. The malware infection occurred right after the game files were downloaded. This suggests that the group created the malware themselves and embedded it into the game on the torrent site. However, according to Irgebaev, that is not necessarily the case: it is very likely that the neo-Nazis have hired professional cybercriminals to help.

The whole thing is called cybercrime-as-a-service: you can buy every step of a criminal act on the internet. Malware, for example, is usually rented for about CHF 200 per month, depending on the complexity. You then pay the torrent site owner to embed the malware code into their own site. Using such websites is illegal in most countries, so no user has any interest in suing the owner in the event of an infection.

Such cybercrime services are easy to find on the dark web. Rusich has connections there, too: Irgebaev was able to prove that between July and October 2022, the group received the equivalent of more than 1,700 francs from three separate drug exchanges.

It is unlikely that Rusich itself sells drugs on the Internet; it is equally unlikely that the operators of these exchanges paid the group for its (military) services.

The most obvious explanation is that the drug exchanges were used to make payments anonymously. On such platforms you buy an internal currency with “normal” cryptocurrencies. This is then used to pay for the drugs, services, etc. These internal transactions do not appear in the blockchain. So you can only see that someone spent money on the exchange, but not to whom the money went.

More than 150,000 francs in “donations”

Most of the funds in the Rusich wallets come from instant transactions. Since the official Telegram donation addresses and the malware addresses are the same, it’s not possible to determine exactly how much of it came from which source. However, the transactions have curious features:

Considering that these “donations” came from Telegram users who saw Rusich appeals in a channel, these numbers are very high. The average donation amounts in particular seem dubious.

What does Rusich say?

Meduza questioned the leader of the group, Alexei Milchakov, about the issue: the large amount of money, the hacked foundation, the malware attacks, the drug exchanges. Milchakov unabashedly admits everything:

«We have our own finance and IT departments, which have carried out the described actions. Yes, our IT is able to hack websites and other Internet resources of the enemy, in addition we can carry out other activities against the so-called “Ukraine” (our range of activities is much wider). This website [the Ukrainian foundation] is just the tip of the iceberg. And by the way: the employees who cause the most deaths every month through their work are generously rewarded.
The finance department conducts crypto, gemstone, cash transactions and money laundering operations (only outside of Russia we adhere to the laws of our country).
This also includes business trips to international black market traders who want to support us as a sponsor (Mexico, Hong Kong, Somalia, etc.). Our “project”, in our opinion, has “great support from gangs and cartels unhappy with US global hegemony”.»

Milchakov emphasizes that he himself does not receive any money from the donations; he only determines how it is spent.

In September, on the Rusich channel, Milchakov suggested that Russian soldiers blackmail relatives of Ukrainian prisoners of war: “Don’t just leave the bodies [of the dead prisoners] lying there; take a picture where the face is clearly visible. Then you contact the next of kin and offer them the place where their loved one is buried for $2,000.”

Author:

Carl Philippe Frank

Source: Watson
