lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 2 May 2019 05:58:04 +0000 (UTC)
From: InfoSec News <>
Subject: [Newsletter/Marketing] [ISN] Going Toe-to-Toe With Ukraine's
 Separatist Hackers

By Elias Groll
Foreign Policy
May 1, 2019

The hacker realized that he was being watched.

The spy software he was attempting to run against the Ukrainian government had 
infected the wrong machine, and now an analyst working for an American security 
company was picking apart the program - known as RatVermin - trying to 
understand how it worked.

The hacker, likely working on behalf of the Luhansk People’s Republic, a 
breakaway region of Eastern Ukraine, first tried to run a ransomware program 
dubbed Hidden Tear to scramble the contents of the computer it had mistakenly 
infected. The program would have made the computer useless to the analyst and 
flashed a sardonic message: “Files have been encrypted with hidden tear. Send 
me some bitcoins or kebab. And I also hate night clubs, desserts, being drunk.”

But the analyst blocked the program from executing, and then, for a few hours 
on March 20, 2018, the two engaged in the digital equivalent of hand-to-hand 

The hacker tried to delete the software being used by the analyst to understand 
RatVermin, a custom-made all-purpose spy tool. The analyst simply reset the 
machine and booted RatVermin back up, this time with a question displayed on 
the screen: Why had the hacker tried to run ransomware on the computer?

The hacker replied with a one-word question: "Mad ?"


Subscribe to InfoSec News

Powered by blists - more mailing lists