“DarkSide group is a network of different operators that conduct subversions on behalf of the DarkSide name. While there is a requirement to be affiliated with a DarkSide group that you have to speak the Russian language, it doesn't mean that every single operator is located within Russia. We assess that the majority of the operators are Eastern European criminals,” Carmakal said on Wednesday.
Carmakal said that his company does not possess any information indicating that the recent attacks against Colonial Pipeline and the meat producer JBS were directed by the Russian government.
At the same time, Carmakal welcomed US government attempts to encourage the Russian side to try to apprehend the cybercriminals as well as to stop them from conducting harmful operations.
The cyberattack on the major US fuel transporting facility Colonial Pipeline occurred on May 7 and triggered a gas outage crisis across the southern US states. The attack was attributed to an unknown group of allegedly Russian-speaking hackers. However, President Joe Biden said on several occasions that there was no evidence Russia was involved.
FireEye assisted the investigation of the Colonial Pipeline ransomware attack by respective US agencies.