> Worse than that still, imagine one of your affiliates is stupid enough to target inside Russia. You need to keep the Russians happy or all of a sudden trial or extradition become likely outcomes.
I read somewhere that a lot of these attacks are orchestrated by Russians because the Russian authorities will turn a blind eye as long as such attacks don't hit domestic targets.
There are indications that the Russian intelligence services are intertwined with organized crime. The oligarchs get help laundering money out of the state, the intelligence services get untraceable money that they can use to bribe foreign assets and the organized crime syndicates get paid for their money laundering services and get a free pass from the authorities as long as they don't inconvenience those in power too much. Seems like one of the most impressive rackets in history.
I think we can assume that all intelligence agencies are intertwined with organized crime in some way. It’s not like spy activity is completely legal anyway.
In Russia the Oligarchs are mob bosses. It's really that simple. And who do they work with? Putin, who has access to 100% of all government capabilities. It's a big birthday cake and there are plenty of slices to go around.
Lol, I don't believe that, but I like to entertain the thought that malware leaves me alone just because I have had a Russian layout installed ever since I can remember.
Honestly, this looks like yet another Russian Hoax iteration.
Also, it made me figure that Brian Krebs is merely a journalist, while the real infosec researcher is Chris Krebs.
They also talked to other people including the Founder and Chief Research Officers at Unit221B about whether workarounds e.g. adding an additional keyboard were effective.
So clearly it's well known that this is real and accurate just as most of the reporting is on Russia.
> is real and accurate just as most of the reporting is on Russia
Except when it turns out to be fake news, as usually happens. For instance, the linked malware research paper doesn't mention the alleged keyboard layout probe and never reveals how this probe is to be performed. So, bogus.
> workarounds e.g. adding an additional keyboard
Just as bogus as placing a succulent plant to "protect from computer radiation".
This is really common, not just keyboards but time zone settings and even geo IP lookup.
The effort required to make your enterprise look like it’s in Russia is definitely not worth the effort given that this would only stop one slice of organized crime.
Instead, there are stats indicating that The Mother Of All Hoaxes definitely ISN'T a safe haven infosec-wise.
Additionally, Krebs completely forgot that there is a war between Ukraine and Russia, so there are no reasons for such alleged protective measures any more.
They have a long history of turning a blind eye on criminal activities like drug trafficking as long as it's not sold in Russia. Then again, so do many other governments.
Anything that might interfere with the interests of western democracies is okay with the Russian authorities as long as it doesn't affect Russians' finances.
No need for “orchestration”. Pretty straightforward: hackers gonna hack, and if you don’t give them a legal outlet they will just attack domestic targets all the same. Works the same way here, the feds don’t coordinate with black hats to attack adversaries. Black hats can become some of the most patriotic fighters, it’s pretty interesting.
Now, if I repeat what you told us, someone might say:
"My friend told me he read somewhere that someone read somewhere that a lot of these attacks are orchestrated by Russians because the Russian authorities will turn a blind eye as long as such attacks don't hit domestic targets."
This isn't a rumour and I don't share information unless I'm either personally trained on the topic or have learned that information from a reputable news source. This feature in question even included interviews with some individuals who have run ransomware attacks.
The only reason I said "somewhere" in my original post was because I cannot remember which network it was published on.
It's OK as long as the gossip fits the "progressive" agenda and/or comes from the renowned "progressive" newspaper Pravda. Otherwise it is a racis' conspiracy.
That WaPo Krebs article links to a malware analysis which goes into dire detail on how that ransomware probes for Volume Shadow Copy (via amateur WMI) yet... omits the keyboard layout probe method(s) entirely (there are at least 3 possible ways).