Whilst investigating a recent ransomware attack, I have stumbled across the threat actor reading articles related to the war in Ukraine.

During their attack, the threat actor opened an Edge browser, which popped up with the news feed. Lots of the articles presented were related to the Ukraine conflict. The threat actor then began to click through articles specifically related to the war crimes investigations. Based on a number of factors, we can attribute the threat actor to a group linked to Russia.

This really hit home thinking about how little the true news probably filters through to the Russian people. I wondered whether the threat actor was in a room with other hackers and called people over to read the articles.

Sobering thoughts.