While Ukraine calls for hacker underground to defend against Russia, ransomware gangs make their moves.
Ukraine’s government is asking for volunteers from the hacker underground to help protect critical infrastructure and carry out offensive operations against Russian state-sponsored hackers, reported Reuters, which cited two experts involved in the project.
The call for action against Russia was shared on hacker forums on Thursday morning.
The post was written by Yegor Aushev, co-founder of the Ukrainian cybersecurity firm Cyber Unit Technologies. The cybersecurity expert told Reuters he wrote the post at the request of a senior Defense Ministry official who contacted him on Thursday.
“Aushev said the volunteers would be divided into defensive and offensive cyber units. The defensive unit would be employed to defend infrastructure such as power plants and water systems. In a 2015 cyberattack, widely attributed to Russia state hackers, 225,000 Ukrainians lost electricity,” reported Reuters.
The offensive volunteer unit Aushev said he is organizing would help Ukraine’s military conduct digital espionage operations against invading Russian forces.
On the other side, some prominent ransomware gangs seem to be ready to provide their support to Russia. One of them is the Conti ransomware gang, which published the following message on its leak site:
“As a response to Western warmongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression.”
The position of the cybercrime gang is clear.
I also noticed this week that the Tor leak site of the Everest ransomware gang was mysteriously down. Are the members of the gang involved in the cyber dispute in some way?
Recently we also observed another mysterious pause of the popular cybercrime forum Raid Forums (RF), which is crowded with Russian-speaking threat actors. At the time of this writing RF seems to be having problems again.
How should we interpret these signals? Is the Russian cybercrime underground providing support to Russia-linked APT groups?
Ransomware gangs could support state-sponsored hackers, for example, by providing them with access to already compromised government organizations and businesses.