Slashdot Mirror


Hotbed of Cybercrime Activity Tracked Down To ISP In Region Where Russia Is Invading Ukraine (bleepingcomputer.com)

An anonymous reader writes: Last week, WordPress security firm WordFence revealed it detected over 1.65 million brute-force attacks originating from an ISP in Ukraine that generated more malicious traffic than GoDaddy, OVH, and Rostelecom put together. A week later, after news of WordFence's findings came to light, Ukrainian users have tracked down the ISP to a company called SKS-Lugan in the city of Alchevs'k, in an area controlled by pro-Russian forces in eastern Ukraine. All clues point to the fact that the ISP's owners are using the chaos created by the Russian military intervention in Ukraine to host cyber-crime operations on their servers. Some of the criminal activities the ISP hosts, besides servers for launching brute-force attacks, include command-and-control servers for the Locky ransomware, [email, comment, and forum] spam botnets, illegal streaming sites, DDoS stressers, carding sites, several banking trojans (Vawtrak, Tinba), and infostealers (Pony, Neurevt). UPDATE 12/22/16: The headline and summary have been updated to reflect the fact that Ukraine is fighting a Russian invasion, and is not in a "civil war," as mentioned in the source.

2 of 70 comments

  1. Spamhaus Block List has these guys by Anonymous Coward · Score: 5, Informative

    https://www.spamhaus.org/sbl/query/SBL190623

    Just block the whole ISP and call it a day

  2. There is no civil war in Ukraine by Z_God · Score: 5, Informative

    The idea that there's a civil war in Ukraine comes from Russian propaganda. There's actually a war against Russia going on there. The people who initiated it and the people on whom it relies today all have Russian citizenship.