The main revenue streams for Russian cybercriminals are private distributed denial-of-service (DDoS) campaigns and the exploitation of cryptocurrency services. This assessment comes from an interview with Chapaev, the alleged leader of the pro-Russian hacker collective known as Phoenix, reported by the outlet socialbites.ca.
Chapaev notes that there are orders for DDoS campaigns coming from abroad. He cites recent requests from Italy and Spain aimed at government websites. He explains that these demands appear to be tied to political tensions, with opposition movements challenging the current administration. This provides a glimpse into how international clients view these cyber operations as leverage in their political disputes, even if the work is illegal and dangerous.
According to the Phoenix figure, cybercriminals can pull in profits amounting to hundreds of thousands of rubles each month. Yet he stresses that hacktivism remains an unstable and irregular income source, susceptible to shifts in operations, market demand, and the risks inherent to illicit activity.
Chapaev emphasizes that the group sometimes faces a stark contrast between high-pay periods and ordinary life. He suggests that leadership payments might spike to substantial sums in a given month, only to drop if the group needs to blend back into ordinary work to cover loans and sustain the operational capabilities of the organization. His remark underlines the precarious financial calculus that drives illicit hacking crews—balancing ambitious projects with moment-to-moment survival needs.
Phoenix hackers are portrayed as active supporters of Russia in the ongoing conflict, sometimes described as part of a broader information and cyber operations effort. Reports indicate that they have conducted large-scale DDoS actions against foreign institutions, including a notable attack on a European government ministry. Chapaev indicates that even after the current military campaign concludes, he and his team intend to continue their activities in European contexts, while not ruling out the possibility of steering some operations toward legal business activities that could be framed as beneficial to citizens in their view of the country. This portion of the dialogue highlights how some cyber actors pivot between illicit activity and rhetoric about national service or public interest, a pattern seen in various state-aligned or self-styled hacktivist groups around the world.
For readers seeking more background on how the Phoenix group formed and what it has pursued, researchers and investigative outlets have published profiles and reports. These sources discuss the evolution of Phoenix, its operational methods, and its claimed objectives, while noting the broader risks and legal implications of such activity. The landscape remains complex, with researchers urging caution about attribution, motive, and the real-world impact of high-profile cyber actions. Marked analyses from security researchers and journalism on this topic help contextualize how such actors fit into current cyber threat ecosystems and geopolitics.