The Russian invasion of Ukraine has split the hacking community, sending some of the most recognizable and powerful groups scrambling to pick a side and declare their allegiance.
In a tweet, hacking group Anonymous declared "a cyberwar against the Russian government" and has claimed to be responsible for attacks that brought down Russia Today, a state-backed news outlet, and several government websites. It also said it hacked other Russian state-TV channels.
Conti, a ransomware group with possible ties to Russian intelligence that attacked more than 290 American targets last year, declared its "full support of Russian government" and said it would use "all possible resources to strike back" at any adversaries. Cyberthreat intelligence company Orpheus Cyber reported that another group united with Russia obtained stolen data from more than 45 Ukrainian government websites, and that some of it is up for sale.
The motives that push hacking groups to pick a side range widely. Members of Anonymous have stated that their guiding principle is "anti-oppression," while Russian-aligned attacks may be state-sponsored. Pro-Russia attacks can also come from groups that feel pressured by the Kremlin to operate on its behalf.
"It's not entirely clear what the connection is between the ransomware gangs and the Russian government," said Brett Callow, a threat analyst at Emsisoft. "At best, they are working within a permissive environment. At worst, they are working for certain wings of the Russian government."
"Some of the actions of Russia's government just prior to the war — shutting down the REvil gang or arresting them and shutting down a number of dark web forums and shops — these cybercriminals are afraid that if they don't support the regime, they're going to be next," said Alex Holden, the founder of Hold Security.
Hacking groups may become targets for moving away from their usual financial motives for attacks. After Conti declared support for Russia, an apparent insider who objected to the group's support for Russia leaked a trove of internal chat messages and other files that Holden says "mortally wounded" the gang.
"When we see things like this, we are learning how in 2021, 2022, cybercriminal enterprises operate, so we have [the] ability to detect and deter organizations like this in the future," Holden said.
Moving forward, experts say that any further cyber escalation could spell trouble for those outside the conflict zone, including Americans. Groups like Conti could come back to hit the U.S. as well.
"They are a highly effective ransomware group, albeit one that has terrible operational security," Callow said. "They likely do still have access to certain U.S. networks that they have yet to encrypt, and they could potentially do that any time."