Kaspersky Lab Incident Investigations Head Arrested In Russia For Treason

Published: 22/11/2024   Category: security



Security firm says the case doesn't affect its computer incidents investigation operations.



Kaspersky Lab confirmed today that one of its top cybersecurity investigators was arrested in December in Russia, reportedly amid charges of treason.
News of the arrest of Ruslan Stoyanov, head of Kaspersky Lab's computer incidents investigations unit, as well as Sergei Mikhailov, deputy head of the information security department at the FSB, first came via Kommersant, a Russian economic newspaper, and word later spread to US news media outlets.
Stoyanov, who had been with Kaspersky Lab since 2012, led the firm's cybercrime investigation that ultimately led to the 2016 arrests of 50 members of the so-called Lurk cybercrime gang that stole more than $45 million from Russian financial institutions. The case was said to be Russia's largest-ever crackdown on financial cybercrime.
Stoyanov's arrest sent a chill throughout the security research community, with speculation by some that his cybercrime investigative efforts may have somehow gotten a little too close to Russian nation-state hacking efforts. Russian hacking has been in the spotlight since the US intelligence community published an unclassified report that concludes Russia - under the direction of Vladimir Putin - attempted to influence the US presidential election via hacks and leaks of data from the Democratic National Committee and Clinton campaign manager John Podesta.
According to Kaspersky Lab, the nature of Stoyanov's arrest predates his employment with the security firm. "The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab," the company said in a statement.
Stoyanov, a former head of network security for Russian ISP OJSC RTComm.RU, also was with the Ministry of Interior's Moscow-based Cyber Crime Unit in the early 2000s.
Security experts say his arrest underscores the sometimes-blurred lines between Russian cybercrime gangs and cyber espionage activity. "I think he flew too close to the sun as his recent investigations more than likely unearthed elements of the Pawn Storm campaign," says Tom Kellermann, CEO of Strategic Cyber Ventures. "This is a red flag to all security vendors who expose the nexus between the cybercriminal conspiracies and the Russian cyberespionage campaigns."
Pawn Storm, aka Fancy Bear and APT 28, was one of the Russian state hacking groups implicated in election-related hacks against the US.
Researcher Business As Usual
While Kaspersky Lab said it had no information of the details of the investigation of Stoyanov and that no official information had been released by the Russian government on the case, the company also maintained that the arrest would not affect its current or future research into Russian cyber activities.
The company said that "as an IT security company, Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose."
For now, Stoyanov is officially suspended from his post at Kaspersky Lab, according to the company. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.
Stoyanov in 2015 authored a detailed report for Kaspersky Lab on how Russian financial cybercrime works. The report notes how the risk of prosecution is low for Russian-speaking cybercriminals: "The lack of established mechanisms for international cooperation also plays into the hands of criminals: for example, Kaspersky Lab experts know that the members of some criminal groups permanently reside and work in Russia's neighbors, while the citizens of the neighboring states involved in criminal activity often live and operate in the territory of the Russian Federation," he wrote.
"Kaspersky Lab is doing everything possible to terminate the activity of cybercriminal groups and encourages other companies and law enforcement agencies in all countries to cooperate," he wrote.
Aleks Gostev, chief security expert for Kaspersky Lab's Global Research and Analysis Team, in a tweet today said that Stoyanov "never worked with any APT stuff," dismissing some online speculation that the arrest was somehow related to cyber espionage research.
He tweeted that the case wouldn't stop the security firm from its work. "Kaspersky Lab is an international team of experts. It's impossible to prevent us from releasing data."