Germany’s BKA has publicly attributed GandCrab and REvil ransomware operations to two named individuals believed to reside in Russia; no new CVEs, active exploits, or operational threat vectors are disclosed. The primary historical technical significance is the 2021 Kaseya VSA supply chain attack (CVE-2021-30116), which should have been remediated in 2021. This item carries no immediate defensive urgency but serves as a prompt to verify Kaseya VSA patch currency, audit MSP supply chain controls, and validate ATT&CK coverage for T1195.002 (supply chain compromise) in existing detection tooling.