Cyber threat groups pick sides over Russia’s invasion of Ukraine

The week of the 21^st of February 2022 has seen threat actor groups announce their support in relation to Russia’s invasion of Ukraine. The one of the first announcements were from an administrator of Raidforums which is one of the largest clearnet hacking forums who announced that the forum was blocking all Russia IPs and therefore block any users connecting from Russia. This announcement makes it clear that they are against Russia’s actions. One of Raidforums users punished a further warning towards Russia by posting a database containing emails and hashed passwords for the FSB.ru domain of Russia’s Federal Security Service (FSB).

In terms of ransomware groups, the Conti ransomware gang issued a warning on Friday 25^th of February 2022 which stated they would respond to cyber activity against Russia using all their resources “to strike back at the critical infrastructures of an enemy.” This message was later changed to state that they do not ally with any government and that they condemn the ongoing war in Ukraine but they will use their resources to strike back if the west uses any cyber aggression. A less known ransomware group known as CoomingProject has also announced their support for the Russian government if cyber-attacks are conducted against Russia.

The Lockbit ransomware group also released an announcement stating they are only interested in the money and won’t be take part in cyber-attacks on critical infrastructures of any country in the world or engage in any international conflicts.