In his role at Kaspersky, Stoyanov was in charge of incident response, the group that helped organizations investigate and recover from breaches or other security events. According to his LinkedIn profile, prior to his 2012 move to Kaspersky, he spent six years as a major in the Ministry of Interior’s cybercrime unit between 2000 and 2006 before moving into the private sector.
Kaspersky Lab investigator arrested for treason
Kaspersky Lab’s head of cybercrime arrested in Russia for treason
From CyberScoop:
Ruslan Stoyanov, the man in charge of investigating hacking incidents at Kaspersky Lab, was arrested in December on treason charges, Russian media reported early Wednesday. Kaspersky confirmed the arrest to Russian state media but emphasized that the investigation was against Stoyanov as an individual and not Kaspersky as a company.
News of the arrest first hit when Kommersant, a daily newspaper, cited a source in Russia’s Federal Security Service (FSB). FSB’s Sergey Mikhailov, the cybersecurity deputy chief at the agency, was also arrested after being bribed by an unspecified foreign organization to share data on Russian hacking.
Russian law enforcement has not yet commented on the case. Both have remained in pre-trial detention for the last month.
Despite the arrests having taken place in December, the full details of the case remain mostly unavailable. It’s not clear who else might have been arrested, what data was shared and which “foreign organization” is in question.
The company said in a statement that Stoyanov is “under investigation for a period predating his employment at Kaspersky Lab.”
Earlier this month, Kommersant wrote about the possible resignation of FSB’s top cyber cop over the relationship to one of his deputies. Mikhailov might fit the bill.
Stoyanov spent six years (2000 to 2006) doing forensics at the Moscow Cyber Crime Unit at Russia’s Ministry of Interior. He worked at Kaspersky for four and a half years.
Just last year, Stoyanov worked with Russian law enforcement on “Russia’s largest cybercriminal arrest.” The operation resulted in the arrest of 50 people who allegedly stole $50 million.
Kaspersky, a Russian firm founded in 1997, is one of Europe’s largest cybersecurity firms with over $600 million in annual revenue.
Kaspersky Lab confirmed that Stoyanov was under investigation for activity during a period predating his employment at the company, and added, in a public statement, “We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”
Stoyanov’s LinkedIn page lists his previous employer as the Ministry of the Interior’s Cyber Crime Unit.
Four intelligence officers working in various branches of the US government told BuzzFeed News this week that they had no insight into the arrests of Stoyanov and Mikhailov, with one explaining, “it’s above my paygrade.”
—————
The case against Stoyanov and Mikhailov has been filed in a secret military tribunal under Article 275 of the country’s constitution, which allows the government to investigate individuals they suspect of spying for a foreign state.