Task Force Rusich
Task Force Rusich is a violent extremist, far-right sabotage and assault reconnaissance group associated with the Wagner Group and operating as a specialized subunit within it. It was established in 2014 by Alexey Milchakov and Yan Petrovsky and has fought alongside Wagner in Ukraine and Syria. The group has used online channels, including Telegram, to solicit cryptocurrency donations.
TRM Labs linked Task Force Rusich to a cryptocurrency-focused malware operation that appears to have generated millions of dollars in cryptocurrency. Investigators identified a public Rusich donation address embedded directly in a malware strain, creating an on-chain link between the group's public fundraising infrastructure and malware-enabled theft. The malware reportedly included clipboard-hijacking functionality that replaced copied wallet addresses with attacker-controlled addresses. It also contained code references to XMRig, and some Rusich-linked addresses received funds from mining pools. TRM assessed this activity as consistent with a hybrid theft-and-mining model, although direct cryptojacking was not conclusively observed in every sample.
TRM estimated at least USD 6 million in on-chain volume tied to malware-embedded addresses and related networks, with sustained inflows over multiple years indicating the campaign remained active. On-chain tracing also showed consolidation of funds through shared exchange deposit infrastructure, including flows into TradeOgre deposit addresses, suggesting shared account control or close coordination within a broader financial network.
Known alias: task_force_rusich.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Where they're from
Attributed origin per open-source reporting.
- RU
Tradecraft
1 distinct technique observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
1 source tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.