Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and Luhansk amidst the ongoing conflict between Russia and Ukraine. Notably, Talos cybersecurity researchers have previously indicated possible connections between Colonel Cassad and Fancy Bear, a Russian state hacking unit that has been sanctioned by the European Union.
In a recent development, blockchain analysis conducted by Chainalysis revealed that an administrator from LockBit, a notorious cybercriminal organization, made cryptocurrency donations to Colonel Cassad. This revelation came during Operation Cronos, an investigation into LockBit's activities that was notably successful because the gang neglected to update the PHP settings on its servers in a timely manner. Although LockBit denied some claims made by investigators, including the arrest of two alleged affiliates and the recovery of numerous decryptors, it confirmed the FBI's assertion that its annual income exceeds $100 million, a figure based on data from seized cryptocurrency wallets.
The association between Colonel Cassad and LockBit raises serious concerns about the potential for state-sponsored cyber threats. While the exact nature of the relationship remains unclear, the financial link established through cryptocurrency donations suggests a level of cooperation or mutual interest between the two parties. Furthermore, the connection between Colonel Cassad and the sanctioned Russian hacking unit, Fancy Bear, adds another layer of complexity to the situation, highlighting the need for continued vigilance and further investigation.
Description last updated: 2024-05-04T17:34:38.122Z