The most recent Accenture Global Incident Report (the Report) shows that cyber-attackers have political views and are divided between support for Russia or Ukraine.

According to the Report, entitled “Global Incident Report: Threat Actors Divide Along Ideological Lines over the Russia-Ukraine Conflict on Underground Forums,” the war between Russia and Ukraine has caused an unusual rift in Russian-language cyber forums (mostly ransomware gangs) between those supporting Russia and those supporting Ukraine.

The rift is highly unusual. According to Accenture, “For the first time, in the more than 10 years that Accenture’s Cyber Threat Intelligence (ACTI) team has been tracking dark web activity, we’re seeing previously coexisting, financially motivated threat actors divided along ideological factions.”

Accenture’s research shows that “Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors…and are increasingly attempting to target Russian entities in support of Ukraine. However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting “enemies of Russia,” especially Western entities due to their claims of Western warmongering.”

The pro-Russian threat actors are targeting Western “resources, government, media, financial and insurance industries.” The pro-Russian culprits include Conti, LockBit, and CoomingProjects ransomware gangs. Since the motivation for ransomware groups is pivoting to politics instead of “opportunistic prospects for financial gain,” this “target switch is leading to a higher threat level for Western organizations.” According to Accenture, this shift poses a significant risk to Western critical national infrastructure.

Accenture’s conclusion is dire: “Having monitored underground forums for more than a decade, ACTI notes that the current split on the underground and the large-scale transitions to an ideological motivation by what were previously financially motivated groups is unprecedented and may bring about far-reaching consequences.”

Accenture provides mitigation tips, including patching vulnerabilities that Conti has used in recent incidents. Accenture’s research can be accessed here.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.