Financially motivated cybercriminals usually stay away from politics, but when politics hits close to home, they strike back. In this thread, we share a quick recap of the most interesting initiatives and discussions about #UkraineRussiaConflict on cybercrime forums.
A user on CrdClub proposed organizing a fundraiser to support families and children in Ukraine. The author shared a BTC wallet issued by the forum's admin specifically for this cause.
A user on Exploit published a post asking Russian citizens to participate in protests against the war. Other users commented that regardless of the forum’s rules, it is highly important to discuss the matter and state such opinions out loud. However, the thread was deleted.
The admin of XSS reminded users that politics is prohibited on the forum: "All discussions about the Ukraine situation will be closed or deleted". He said that if Russian-speaking cybercriminals start attacking each other, there will be nothing left.
Some users asked whether it is now possible to attack US companies safely again, referring to the recent arrests of Russian-speaking cybercriminals: "Looks like there will be no more collaboration between US and us?" Another user: "Did V/V [Putin] permit us to attack critical infrastructure?"
The Ukrainian Ministry of Defense allegedly asked the Ukrainian hacker community for help and requested that volunteers fill out a Google Docs form. Some users suspected it was a law enforcement operation aimed at gathering information on hackers, or refused to participate.
Multiple initiatives were shared on Raidforums (which has since allegedly been seized by authorities). The admin claimed that any user connecting from Russia would be banned, while users suggested compiling a collection of "attackable Russian IP-ranges" and "IP-ranges that are scanning Ukraine".
As for #Conti's statement of support for Russia, it did not gain much attention among cybercriminals on forums. KELA continues to monitor sources and welcomes any additions to this thread you might have.
• • •
Despite the decryptor for the Akira ransomware released at the end of June 2023, the group still appears to be extorting victims successfully. In July, we observed 15 new victims of the group, either publicly disclosed or detected by KELA in the course of their negotiations.
Based on the lists of stolen files, some of the July victims appear to have been infected with the Linux version of the Akira ransomware. However, for at least some victims the infected machines were running Windows.
For example, a US law firm identified as a victim in June 2023 paid the ransom on July 13. Interestingly, during the negotiations Akira published the victim's name on its blog; the victim nevertheless continued to negotiate.
The former #Babuk and Payload.bin leak site has changed again. It is now a place where "successful people can stay protected from the RaaS services' scam." The admin claims that, following the ransomware ban on other forums, he wants to create a new community.
The admin also says he probably has some connection with the recent leak of Babuk's builder, but is no longer affiliated with the gang: "I recommend to blacklist this product to all security firms and data security [specialists]."
Interestingly, the new forum's name, RAMP, is probably a reference to the now-defunct Russian Anonymous Marketplace (a drug market closed in 2017).