vadim kruglov

Vadim Kruglov: The Name Nobody Knew They Needed to Fear (But Will Anyway)

By the time the New York Times’ push alert finally caught up, Vadim Kruglov had already cost roughly 38 % of the planet a decent night’s sleep. From his modest office in a Yekaterinburg suburb—decorated, if that’s the word, with a dying ficus and a motivational poster that reads “Excellence Is a Process”—Kruglov has spent the last decade quietly rewiring how the world keeps, steals, and panics about data. If that sounds melodramatic, congratulations: you still believe the internet is mostly cat videos and recipes, rather than the world’s longest hostage negotiation.

Kruglov’s particular genius lies in what cyber-insurance people call “persistence frameworks,” which is jargon for malware that refuses to take a hint. His flagship creation, “Matryoshka,” burrows into industrial firmware the way regret burrows into a 3 a.m. inbox: layer after layer, until the only practical remedy is a ceremonial bonfire of every motherboard in a five-mile radius. The code has now been found in the control systems of hydro dams from Quebec to Queensland, and in the traffic lights of at least three EU capitals—although Brussels insists those outages were “routine maintenance,” a phrase here meaning “we have absolutely no idea how to fix this.”

Western intelligence agencies first noticed Kruglov in 2016, when a routine audit at a Lithuanian LNG terminal uncovered a snippet of Cyrillic commentary reading, essentially, “If you’re reading this, you’re already bankrupt.” It was signed “V.K.”—the kind of calling card that thrills bureaucrats and terrifies actuaries. Since then, attribution has become a geopolitical parlour game: Washington blames Moscow, Moscow blames “non-state actors,” and everyone quietly checks the price of cyber-extortion insurance, which now costs more than insuring a teenager in a Lamborghini.

The truly exquisite twist is that Kruglov isn’t even technically a criminal—at least not in the jurisdiction most motivated to prosecute him. He operates through a holding company registered in the Seychelles, employs contractors via a Seoul-based freelance platform, and pays taxes—yes, taxes—in Russia’s new “IT technopark” zone, where hacking tools are treated much like Bordeaux wines: terroir matters, provenance is negotiable, and nobody asks too many questions about the barrels. When the FBI politely requested an interview last year, Russian media responded with a 45-minute talk-show segment titled “Why Foreign Spies Fear Our Programmers,” intercut with stock footage of bears playing hockey. The message was subtle as a sledgehammer: hands off our national resource.

Global implications? Picture the butterfly effect, but the butterfly is drunk, on fire, and carrying a zero-day exploit. In March, Matryoshka’s latest variant froze cocoa-futures trading in London for six hours; by noon, chocolate bars from Zurich to Santiago had jumped 11 % in price, proving once again that civilization runs on sugar and denial. Meanwhile, the International Maritime Organization now recommends that all new vessels carry “manual override skills,” a phrase that translates to “remember how to steer if Windows decides to update.”

And yet, Kruglov himself remains almost disappointingly human. Former classmates describe a quiet kid who corrected teachers’ math and once built a Wi-Fi antenna out of a Pringles can—standard-issue nerd folklore, except the antenna later became part of a Crimean propaganda relay. Colleagues say he drinks supermarket instant coffee, quotes Dostoyevsky with the enthusiasm of a man who skimmed the Wikipedia summary, and harbours a sincere belief that all governments are “legacy code.” He is, in short, the kind of person you’d ignore at a house party right up until the moment the lights go out and Spotify starts playing the Russian national anthem on loop.

So what happens next? The boring answer is more summits, more sanctions, and more six-figure consultancy PDFs entitled “Resilience in the Age of Hybrid Threats.” The interesting answer is that Kruglov has already seeded the next iteration of Matryoshka inside the firmware of smart lightbulbs, because nothing says “future of warfare” quite like your living-room lamp joining a botnet. Somewhere in Yekaterinburg, a ficus wilts gently on a windowsill while the world rehearses its next outage. And if you listen closely—preferably through a very well-patched firewall—you can almost hear the man himself chuckling at the absurdity of a planet that thought convenience was the same thing as safety.