TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Recorded Future Blog

Rublevka Team: Anatomy of a Russian Crypto Drainer Operation

2026-02-04

ATT&CK techniques detected

5 predictions
T1657 Financial Theft
96%
"rublevka team: anatomy of a russian crypto drainer operation executive summary insikt group has identified a major cybercriminal operation specializing in large-scale cryptocurrency theft, operating under the moniker “rublevka team”. since its inception in 2023, the threat g…"
T1657 Financial Theft
93%
", signaling a continuation of the broader shift toward scalable, service-based cybercrime that organizations must proactively monitor, disrupt, and defend against to protect customers and maintain trust. key findings the objective of a rublevka team scam is to create an attract…"
T1657 Financial Theft
88%
"over 90 wallet types. by lowering the technical barrier to entry, rublevka team has built an extensive ecosystem of global affiliates capable of launching high-volume scams with minimal oversight. this structure poses a growing threat to cryptocurrency platforms, fintech provid…"
T1583.005 Botnet
58%
"bots, offering affiliates tools for landing page creation, campaign tracking, cloaking, and distributed denial-of-service (ddos) protection. the drainer campaign, active since 2023, leverages spoofed versions of legitimate services such as phantom, bitget, and jito to maxim…"
T1584.005 Botnet
40%
"bots, offering affiliates tools for landing page creation, campaign tracking, cloaking, and distributed denial-of-service (ddos) protection. the drainer campaign, active since 2023, leverages spoofed versions of legitimate services such as phantom, bitget, and jito to maxim…"

Summary

Rublevka Team exemplifies the industrialization of crypto scams. Learn how traffer teams and wallet drainers enable high-volume theft.