(Machine translation of German-language article at zdf.de).
Peter Wering reports:
….. Russian groups are currently making little ransom from ransomware attacks…. That is why Russian IT criminals have partially relocated their activities to Ukraine. There they are attacking Ukrainian IT infrastructure on behalf of the Kremlin. But they also use the Internet connections there to carry out a kind of rump business in terms of industrial espionage and ransomware attacks.
After mentioning various APT groups, Wering turns attention to Conti, and how the war has impacted them. Citing Check Point’s analysis, he writes, in part:
Conti boss Stern is not very happy with this situation. He wants to earn more money again with blackmail in Western countries, but needs open and stable Internet connections to the West. He tries to enforce this through his contacts at the Russian domestic secret service. The pressure on the Putin government is also growing from this side. Because Putin can hardly evade the suggestions of old companions from the domestic secret service (which go back to his KGB days). They are part of his power base.