Thursday, April 18, 2024

Ransomware gangs, hackers pick sides over Russia invading Ukraine

Hacker crews are picking sides as the Russian invasion of Ukraine continues, issuing bans and threats against supporters of the opposite side.

This week, an administrator of the database sharing and marketplace Raidforums announced that it would close its doors to users connecting from Russia, clearly expressing their position against the Kremlin’s actions.

Earlier today, the Conti ransomware group stated their “full support of Russian government” and threatened cyberattacks against anyone launching attacks against Russia.

Hackers react

Hackers, state-backed or not, have already launched cyberattacks, most of them against Ukrainian targets [123], with some targets in Russia also being hit [1].

With the Russian aggression continuing, the hacker community has started to get more involved and to express its stance on the conflict.

Following the political model of the U.S. and the EU, Raidforums published a notification yesterday saying that it would impose its own sanctions by banning any user connecting from Russia.

One member of the Raidforums community published a more abrasive message as a warning to “Russians.” The user posted a database with emails and hashed passwords for the domain of Russia’s main security agency, the Federal Security Service (FSB).

In the sample data shared on the forum as proof of provenance there are email addresses for FSB offices (directorates) in various regions.

The same user has previously posted similar databases for .mil domains in the United States.

Ransomware gangs get involved

Today, the Conti ransomware gang issued a warning that they would respond to cyber activity against Russia using all their resources “to strike back at the critical infrastructures of an enemy.”

Conti ransomware threatens to retaliate for action against Russia

The gang changed their message about an hour later, saying that they “do not ally with any government and we condemn the ongoing war” but will respond to Western cyber aggression on Russian critical infrastructure.

Conti ransomware promises retaliation if Western cyberattacks target Russian critical infrastructure

Conti is one of the most active ransomware actors in the industrial sector, being responsible last year for breaching 63 companies operating industrial control systems (ICS), most of them in the manufacturing sector.

Conti also took control of BazarBackdoor, the stealthy malware developed by the TrickBot gang for compromising high-value targets.

CoomingProject, another, lesser-known ransomware group, also announced their support for the Russian government if cyberattacks are aimed at the country.

CoomingProject pledging support for Russian government

Ukraine asks hacker community for help

It appears that the Ukrainian side is also trying to engage its hacker force to defend critical infrastructure from coordinated cyberattacks and to carry out cyberespionage operations on Russian activity.

Reuters details that a message for the Ukrainian underground hacker community, posted at the request of the Defense Ministry, called on the cybercommunity to enroll in a mission to defend the country.

The call to action was published through Yegor Aushev, the founder of Cyber Unit Technologies, who yesterday shared an application form for volunteer hackers to sign up declaring their skills for a better organization of tasks.

In one post, Aushev claims that even hackers around the world, including from Russia, have responded to his call and will be grouped into teams for offensive and defensive action.

Yegor Aushev calling for volunteer hackers

It is clear that modern warfare has entered a new age as physical armed forces are now openly supported by cyber activity carried out not just by individuals with formal training but also by self-taught hackers on both sides of the law.

Steven Black (n0tst3)