Basketball jersey, a hacker network, and a secret institute: how Daniil Kasatkin’s family ties triggered a Kremlin-level response
Media investigations have revealed that the father of basketball player and alleged hacker Daniil Kasatkin — recently exchanged by Russia for French journalist Laurent Vinatier — spent years working at the highly classified Central Scientific Research Institute of Chemistry and Mechanics, resigning only in 2022. The institute has been at the center of global investigations into the Triton (Trisis) malware used in attacks on critical energy infrastructure. Sources in sports circles say the exchange was allegedly pushed by former Russian defense minister Sergei Ivanov, now head of the VTB United League, who personally appealed to Vladimir Putin.
Recently, Russian authorities quite unexpectedly exchanged the less-than-stellar Russian basketball player Daniil Kasatkin, detained in France at the request of the United States, for a highly valuable "hostage" for Russia: French journalist Laurent Vinatier.
As a reminder, basketball player Daniil Kasatkin, formerly of the Moscow professional club MBA (playing in the VTB United League), was detained at Paris’s Roissy-Charles de Gaulle Airport in June 2025 at the request of the United States. He was believed to be a member of a hacker group, but on January 8, 2026, it was announced that he had been released.
Sources of the media in the sports community reported that within the United League itself, Kasatkin’s release is attributed to the league’s president, Sergei Ivanov. Ivanov, a close friend of Vladimir Putin, headed the Presidential Administration, and served as Minister of Defense. He allegedly personally requested this from the Russian president. After the mysterious death of his eldest son, Alexander (he was deputy chairman of the board of Vnesheconombank and allegedly drowned in Dubai in 2014), Sergei Ivanov’s career declined sharply. But, according to a source, he does still communicate with Putin.
This theory is supported by the behavior of PBC MBA, the club where Kasatkin played. Immediately after his arrest in France, the club announced it was terminating the player’s contract. But then quickly backtracked, announcing that they would sign Kasatkin to a new contract upon his return and would support him in every way.
When events of this magnitude happen to a basketball player without a distinguished career, it suggests the story has clearly gone beyond sports. A closer look at the Kasatkin family biography, however, suggests another version of the exchange.
Daniil’s father, Sergei Gennadievich Kasatkin, worked for many years at the Central Research Institute of Chemistry and Mechanics. This is a classified research institute that carries out work for the Ministry of Defense and state defense procurement. Specifically, in 2019, the American magazine The Space Review discovered that CNIIHM was developing secret military inspector satellites that could be used to destroy potential enemy satellites.
In 2018, CNIIHM found itself at the center of an international scandal following the publication of a report by the American company FireEye on the Triton (Trisis) malware used in attacks on energy infrastructure worldwide.
According to The New York Times, one such attack led to the shutdown of a petrochemical plant in Saudi Arabia. FireEye experts claimed that traces in the software code led to the TEMP.Veles group, which used, among other things, the IP addresses of CNIIHM and former institute employees.
As the media discovered thanks to leaks, Sergei Kasatkin’s official position was modest, but experience shows that employees’ actual positions are never transferred from such "mailboxes" to the FPR.
In August 2022, Kasatkin Sr. resigned voluntarily and transferred to NPP Frezer GITs, a company engaged in R&D, experimental design work, and the implementation of technologies in industry.
The family picture is completed by Daniil’s uncle, Alexey Kasatkin. He served in the special forces; we found a photo of him posing with a maroon beret. According to leaked documents, the athlete’s relative has been receiving payments from the Pension Fund since around age 30, which is typical for privileged categories of security officials.
Now, the US authorities’ version. According to US investigators, Kasatkin is involved in the activities of a ransomware group that attacked approximately 900 companies, including two federal agencies, between 2020 and 2022. Investigators claimed that Kasatkin participated in ransomware negotiations, acting on behalf of the hackers.
That is, the crimes were committed at the time Daniil Kasatkin left the United States, where he lived, studied, and played for student clubs for several years.
Against this backdrop, it is particularly striking that, judging by the dates and known details of the charges, Daniil Kasatkin could have been an accomplice to a group of hackers who, despite the charges, are living peacefully in Russia. We are talking about nine individuals involved in the investigation into the Trickbot and Conti ransomware Trojans.
They are at large, running businesses, active online, some even have their own channels, and one is even listed by users as an "FSB operative." And it is against this backdrop that a minor-league basketball player finds himself the subject of an international exchange for a valuable hostage.
The theory about "an ordinary athlete who accidentally fell under attack" "suspect," or as the lawyer who bought the laptop with malware stated, looks less and less convincing in this configuration.
Read more similar news:
Comments:
comments powered by Disqus
