Are the Russian ransomware outfits protected by the FSB?

There’s a frequent pattern in a lot of the malware I analyze: it checks the system language for Russian (and some other languages) and doesn’t activate unless the check fails.

Now, none of these were authored by any sort of APT; they were very unprofessionally made and only used very rudimentary obfuscation that I learned to deal with in a book from 2012, instead of something like Themida (which is what I’d use at a minimum). But the actual sophisticated ransomware groups like Conti apparently have the same policy, and have reportedly even decrypted infected computers for free if people could produce a valid Russian passport.

My question is: why are these hackers so patriotic? Is there some implicit policy that you are allowed to hack non-Russians and that you won’t be punished for it? Are they permitted to operate by the FSB as long as they only target Westerners, or something along those lines?

submitted by /u/faguzzi

from hacking: security in practice https://ift.tt/XtRSlPQ