alt Hacker NewsI believe you are making a mistake by thinking that since a malicious actor's domain is registered in Ukraine, it automatically must be doing something in the interests of Ukraine, or at least be known to its officials.
Lots of Russian state actors have no problems working from within Ukraine, alas. Add to this purely chaotic criminal actors who will go with the highest bidder, territories temporarily controlled by Russians that have people shuttle to Ukraine and back daily, and it becomes complicated very quickly.
Replies
Terr_ • last Thursday at 9:41 PM
> Lots of Russian state actors have no problems working from within Ukraine, alas.
Ex: Viktor Yanukovych, prior to being ousted.
Fair point. Just because a domain is registered in Ukraine doesn't mean it's acting in Ukraine's interests. But that works both ways. If Russian actors can operate from Ukraine, then Ukrainian actors (or others) can also operate from Russia, or at least make it look that way. Cyber attacks originating from Ukraine and targeting Russia aren't uncommon either, which only adds to the complexity of attribution.
The issue isn't just attribution but also affiliation. When similar attacks come from Ukraine targeting Russia, Google stays quiet. I understand that Russia invaded Ukraine, not the other way around, but given the complexity of the conflict, aligning with one side in cyber warfare reporting is a questionable move. At the end of the day, attacks will come from both sides - it's a war, after all.
Edit: when I say 'questionable move', I'm specifically referring to Google. It's unclear what they were trying to achieve with this article, is it a political statement or just a marketing piece showcasing how good GTIG is? Or both?