From Triton malware to Kremlin rescue: How the son of a military research institute employee, Daniil Kasatkin, became more valuable to Putin than a french hostage

It has become known that the father of basketball player and hacker Daniil Kasatkin, who was recently exchanged for French journalist Laurent Vinatier, worked for many years (resigning in 2022) at the secret Central Scientific Research Institute of Chemical Medicine. This institute was at the center of the investigation into the Triton (Trisis) virus, which was used in attacks on energy infrastructure worldwide.

Sports circles believe that former Defense Minister Sergei Ivanov, now head of the VTB United League, personally asked Putin to arrange Kasatkin’s exchange. Recently, Russian authorities unexpectedly exchanged the not particularly outstanding Russian basketball player Daniil Kasatkin, detained in France at the request of the United States, for a highly valuable “hostage” for Russia — French journalist Laurent Vinatier.

As a reminder, basketball player Daniil Kasatkin, formerly of the Moscow professional club MBA (playing in the VTB United League), was detained at Paris Charles de Gaulle Airport in June 2025 at the request of the United States. He was suspected of being a member of a hacker group, but on January 8, 2026, it was announced that he had been released.

Kasatkin’s release is attributed to league president Sergei Ivanov. Ivanov, a close friend of Vladimir Putin, headed the Presidential Administration and served as Minister of Defense. He allegedly personally requested this from the Russian president.

After the mysterious death of his eldest son, Alexander (who was deputy chairman of the board at Vnesheconombank and reportedly drowned in Dubai in 2014), Sergei Ivanov’s career sharply declined. However, according to sources, he still communicates with Putin.

This theory is supported by the behavior of PBC MBA, the club Kasatkin played for. Immediately after his arrest in France, the club announced it was terminating his contract. But it quickly backtracked, stating that they would sign Kasatkin to a new contract upon his return and would support him in every way.

When events of this magnitude happen to a basketball player without a distinguished career, it clearly goes beyond sports. A closer look at the Kasatkin family biography, however, suggests another version of the exchange.

Daniil’s father, Sergei Gennadievich Kasatkin, worked for many years at the Central Scientific Research Institute of Chemistry and Mechanics. This is a classified research institute that carries out work for the Ministry of Defense and state defense procurement.

Specifically, in 2019, the American magazine The Space Review discovered that CNIIHM was developing secret military inspection satellites that could potentially be used to destroy enemy satellites. In 2018, CNIIHM became the center of an international scandal following a report by the American company FireEye on the Triton (Trisis) malware, which had been used in attacks on energy infrastructure worldwide.

Новости по теме: Суд арестовал главу отдела Минпромторга по делу о взятках

According to The New York Times, one such attack caused the shutdown of a petrochemical plant in Saudi Arabia. FireEye experts claimed that traces in the software code led to the TEMP.Veles group, which, among other things, used IP addresses of CNIIHM and former institute employees.

Sergei Kasatkin’s official position was modest, but experience shows that in such “mailboxes,” employees’ actual positions are never reflected. In August 2022, Kasatkin Sr. resigned voluntarily and joined NPP Frezer GITs, a company engaged in R&D, experimental design, and the implementation of technologies in industry.

The family picture is completed by Daniil’s uncle, Alexey Kasatkin. He served in special forces; a photo was found of him posing in a maroon beret. According to leaked documents, the relative has been receiving pension payments since around age 30, which is typical for privileged categories of security officials.

Now the U.S. authorities’ version. According to investigators, Kasatkin was involved in the activities of a ransomware group that attacked approximately 900 companies, including two federal agencies, between 2020 and 2022. Investigators claimed that Kasatkin participated in ransomware negotiations on behalf of the hackers.

These crimes were committed at a time when Daniil Kasatkin had already left the United States, where he had lived, studied, and played for student clubs for several years. Against this backdrop, it is particularly striking that, based on the dates and known details of the charges, Daniil Kasatkin could have been an accomplice to a group of hackers who, despite the charges, are living freely in Russia.

This concerns nine individuals involved in the investigation of the Trickbot and Conti ransomware Trojans. They are at large, running businesses, active online, some even have their own channels, and one is listed by users as an “FSB operative.”

And it is against this backdrop that a minor-league basketball player becomes the subject of an international exchange for a valuable hostage. The theory of “an ordinary athlete who accidentally fell under suspicion,” or as the lawyer who purchased the malware-laden laptop stated, looks increasingly unconvincing.