Tweet

KELA

Feb 27 • 8 tweets • 4 min read

Financially-motivated cybercriminals are usually staying away from politics, but when politics hit close to home, they strike back. In this thread, we share a quick recap of the most interesting initiatives and discussions about #UkraineRussiaConflict on cybercrime forums.

A user on CrdClub proposed to organize a fundraiser to support the families and children in Ukraine. The author shared a BTC wallet that was issued by the forum’s admin specifically for this cause.

A user on Exploit published a post asking Russian citizens to participate in protests against the war. Other users commented that regardless of the forum’s rules, it is highly important to discuss the matter and state such opinions out loud. However, the thread was deleted.

Admin of XSS reminded that politics is prohibited on the forum: “All discussions about the Ukraine situation will be closed or deleted”. He said that if Russian-speaking cybercriminals will start to attack each other, there will be nothing left.

Some users asked if it is possible to safely attack US companies again, referring to recent arrests of Russian-speaking cybercriminals: “Looks like there will be no more collaboration between US and us?” Another user: “Did V/V [Putin] permit us to attack critical infrastructure?”

The Ukrainian Ministry of Defense allegedly asked the Ukrainian hacker community for help and requested to fill out a Google Docs form. Some users considered it to be a law enforcement operation aimed to gain information on hackers or refused to participate.

Multiple initiatives were shared on Raidforums (now it is allegedly seized by authorities). The admin claimed any user connected from Russia will be banned, while users suggested making a collection of “attackable Russian IP-ranges” and “IP-ranges that are scanning Ukraine”.

Speaking of #Conti’s statements regarding Russia's support, it did not gain much attention among cybercriminals on forums. KELA continues to monitor sources and welcomes any additions to this thread you might have.

• • •

Missing some Tweet in this thread? You can try to force a refresh

This Thread may be Removed Anytime!

Twitter may remove this content at anytime! Save it as PDF for later use!

More from @Intel_by_KELA

KELA

@Intel_by_KELA

Jul 12, 2021

Former #Babuk and Payload.bin leak site has changed again. Now it's a place where "successful people can stay protected from the RaaS services' scam." The admin claims that following the ransomware ban on other forums, he wants to create a new community.

Also, the admin says he - probably - has some connection with the recent leak of Babuk's builder but now he is not affiliated with the gang: "I recommend to blacklist this product to all security firms and data security [specialists]."

Interestingly, the name of the new forum is RAMP which is probably a reference to the now-defunct Russian Anonymous Marketplace (a drug market closed in 2017).

Read 4 tweets

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Share this page!

KELA

People who liked this thread also liked...

Try unrolling a thread yourself!

More from @Intel_by_KELA

KELA

Did Thread Reader help you today?

Don't want to be a Premium member but still want to support us?

Like this author's thread?