Security News

Microsoft announced it will stop all new sales of services and products in Russia in response to Russia's "Unjustified, unprovoked and unlawful invasion" of Ukraine. "We are announcing today that we will suspend all new sales of Microsoft products and services in Russia," Microsoft President and Vice-Chair Brad Smith said.

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service attacks aimed at its domestic infrastructure. As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out phishing attacks.

Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated ransomware group from January 2021 to February 2022, in a move that's expected to offer unprecedented insight into the gang's workings.

Roskomnadzor, Russia's telecommunications watchdog, asked Google to stop advertising campaigns spreading misinformation about Russia's invasion of Ukraine on YouTube videos. "Roskomnadzor sent a letter to Google LLC with a demand to immediately stop disseminating false information of a political nature about the special operation of the Russian Armed Forces in Ukraine on the territory of Russia," the internet watchdog explained.

The Ukrainian government attributed the activities to a threat actor tracked as UNC1151, a Minsk-based group whose "Members are officers of the Ministry of Defence of the Republic of Belarus." In a follow-up update, the agency said the nation-state group also targets its own citizens, while simultaneously setting its sights on Russian entities -. The development follows a barrage of data wiper and distributed-denial-of-service attacks against Ukrainian government agencies, even as various hacking groups and ransomware syndicates are capitalizing on the chaos to take sides and further their activities.

As big tech companies from the West swiftly and happily comply with new rules that prohibit interactions with Russia, Chinese companies will soon feel pressure to do likewise - and counter-pressure to resist such calls. In early February, Russia and China re-affirmed their relationship as having "No limits" and essentially declared they are best friends forever.

Microsoft is decrying what it calls the "Tragic, unlawful and unjustified invasion of Ukraine" by Russia, and vowed to continue protecting the country from cyberattacks and state-sponsored disinformation campaigns. The software giant added it will support humanitarian efforts as Ukrainians try to fend off an invading Russian army and as hundreds of thousands flee Ukraine into such neighbors as Poland, Romania, and Moldova.

The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group's internal chat messages online. On Twitter a message from a Conti member saying that "This is a friendly heads-up that the Conti gang has just lost all their sht."

The worst security looks much the same as the best. By way of justifying the invasion, he made a speech saying that Ukraine is not a country, that the West is an evil empire, and that Russia's security concerns are paramount.

An angry member of the Conti ransomware operation has leaked over 60,000 private messages after the gang sided with Russia over the invasion of Ukraine. AdvIntel CEO Vitali Kremez, who has been tracking the Conti/TrickBot operation over the last couple of years, also confirmed to BleepingComputer that the leaked messages are valid and were taken from a log server for the Jabber communication system used by the ransomware gang.