Gas Shortage on East Coast

Huh? How are you going to politicize a small hacker group in Russia?

[EDIT] : I’m not a smart man.

2 Likes

Here we go again…

2 Likes

It’s not state sponsored. Everything looks to be a small group of Ruskie misfits who will make 20% if it’s paid.

Funny to hear sycophants of the last administration cry that Biden’s not doing more to… a small hacker group…

3 Likes

I’d love to hear his logic.

Nothing about Guccifer 2.0 (actual government) but… angry at Biden for not going after a low level group of skiddies who have a very nice bespoke custom RAT.

I work in IT sec and red teaming, so I’d love to hear the explanation honestly. It’s funny.

I’m not ? Just was answering his question. FTR, I highly doubt the previous admin would have done anything at all about it either.

Crap. My bad. This isn’t state sponsored, it’s just a script kiddie group who bought the right credentials.

I’ve had a few friends take the whole ‘why aren’t they going after Russia’ stance already, was worried it was that.

My mistake 1000%

Well I’m sure Russia has some people on the top that are paying (or strongly persuading) these small groups to hack. Maybe not this particular incident.

1 Like

You underestimate Putin. Any “low level” group may be acting on government’s behalf and/or may be sponsored by the government.

6 Likes

Read/Listen to Red Notice…hell of a book, hell of a story on doing business in Russia w/Putin

1 Like

100% they could be, but from intel so far, they are a low level group.

They have a freaking troll farm there on Twitter, I’m just saying so far it all points to a low level group.

Could it be state sponsored? Possibly. More likely criminal gang with a dank bespoke RAT.

100% That exactly was ‘Guccifer 2.0’ which handed emails directly to ol’ Roger Stone.

This just so far hasn’t pointed to anyone but a low level group who gets custom malware and a percentage cut.

I’ll be the first to STFU if there’s any indication otherwise, but Mandiant is literally still taking web servers down. That won’t be for a while.

The thing is that every Russian hacker group is known to FSB, SVR or GRU and can be shut down or used by them at any time. Hacking of Colonial magnitude goes well beyond extorting some hospital and looks like a show of force.
But maybe I’m wrong and it is some 600 lbs guy in his mom’s basement lol

2 Likes

Nah it’s Malware / Ransomware aaS (as a service)

You do the ground work and phishing, vishing, getting them to click the right URL, and they provide the root-kit. Any payment to the address you get 20% of.

You are 100% correct they’re all known and are pawns of the iron fist, but this particular group is known to actually have special groups (hospitals, etc.) they will not go after or hit.

Further intel showed they hit no previous USSR states either.

I could be wrong and could be another strike at our fragile infra, but most of these attacks go under the carpet. They just hit the right guys.

Hell, employees are selling their credentials to a shady company in Silicon Valley and get paid $25/month; they gain persistence.

It’s far worse than people know.

It’s not a cyberattack. It’s ransomware.

Someone clicked on a questionable ad and it downloaded software which borked their computer. Of course they were more likely surfing porn when this happened.

Not an attack.

2 Likes

So, you are saying it cannot be a cyberattack masked as a ransomware? To make a point? :smirk:

Russia is Russia.

2 Likes

Nyet. Ransomware as a Service. You don’t need to ask Putin to get a 'puter.

This is far widespread beyond what you know.

Most companies just sweep it under the rug after restoring Veeam backups and when called out give out a year of credit monitoring. They don’t transport roughly 50% of the gas in the East Coast, only difference.

1 Like

Welcome to CA gas prices! :joy:

2 Likes

This is a great quote, and true.

Just try not to imagine the companies they’re silently in, and the dark-net auctions where people buy up the access. That’s when things get worrisome and you realize it’s all screwed.

Example: Remember Equifax was hacked through a freaking SQL injection, half of America’s info was dropped, and everyone just forgot?

Eventually, they went on to upload so-called web shells to gain access to Equifax’s web server. They used their position to collect credentials, giving them unfettered access to back-end databases. Think of breaking into a building: It’s a lot easier to do so if residents leave a first-floor window unlocked and you manage to steal employee IDs.

From there, they feasted. The indictment alleges that the hackers first ran a series of SQL commands to find especially valuable data. Eventually, they located a repository of names, addresses, Social Security numbers, and birth dates. The DOJ says the interlopers ran 9,000 queries in all, not stopping until the end of July.

9,000 queries ran on a SQL server to basically exfiltrate 40% of the US’s Social security data and accounts, and nothing really ever happened. We may get some credit monitoring or a $7 check in a few years.

3 Likes