{"id":48315,"date":"2022-09-06T16:15:02","date_gmt":"2022-09-06T16:15:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33811\/An-Interview-With-Ukranian-Hacker-Herm1t-On-Countering-Pro-Kremlin-Attacks.html"},"modified":"2022-09-06T16:15:02","modified_gmt":"2022-09-06T16:15:02","slug":"an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/","title":{"rendered":"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks"},"content":{"rendered":"
<\/div>\n

Editor\u2019s Note: Andrey Baranovich, who is known online as \u201cHerm1t,\u201d spent much of the \u201990s and \u201900s chronicling the history of malware development on a site known in the hacking community as VX Heaven.<\/em><\/p>\n

But about 10 years ago, the site was shut down by Ukrainian security authorities, and Baranovich was charged with spreading computer viruses. The charges were dropped \u2014 cybersecurity experts argued that the site was of little use to cybercriminals, and was mainly a reference tool for researchers \u2014 and Baranovich moved to Kyiv and started to take on a more activist role.<\/em><\/p>\n

In 2014, when Russia invaded Crimea, Baranovich helped launch groups aimed at countering Russian aggression and protecting Ukraine in cyberspace. Groups he\u2019s affiliated with, such as RUH8 and the Ukrainian Cyber Alliance, made a name for themselves by breaching Russian government sites and leaking information on top officials.<\/em><\/p>\n

\u201cDespite previous disagreements, [I] decided to help our state a little,\u201d he said.<\/em><\/p>\n

Baranovich talked to Recorded Future analyst and product manager Dmitry Smilyanets about the war in Ukraine and fending off pro-Kremlin hackers. The conversation, which has been edited for space and clarity, was conducted in Russian and translated to English with the help of linguists from Recorded Future\u2019s Insikt group. <\/em><\/p>\n

Dmitry Smilyanets: In one of my previous <\/strong>interviews<\/strong><\/a>, <\/strong>Smelly_VX<\/strong><\/a> mentioned <\/strong>you<\/strong><\/a> as the creator of VX Heaven. Tell me how you created the project and what happened next.<\/strong><\/p>\n

Andrey Baranovich: <\/strong>The VX Heaven project was from another time: the mid-\u201990s, no Google yet, Windows 95 had just come out and there was no browser yet, connecting to the internet was prohibitively expensive, and the main place to communicate with people and look for information was FidoNet and BBS [Bulletin Board System]. The criminal codes of the post-Soviet countries did not yet have articles criminalizing hacking and computer viruses. Instead of websites, hacker groups collected their articles and code into e-zines, DIY publications that circulated widely from bulletin board to bulletin board. Now it\u2019s even hard to imagine how primitive those systems were when, in order to find the desired file, it was necessary to call the BBS using a modem, download a list of files at a speed of 2-3 kilobytes per second, find the desired file, and download it. <\/p>\n

On my site, which was called SoftWAR, there was a typical hacker\u2019s kit \u2014 collections of cracks for software, viruses, magazines, and documentation. When I got a job in 1999 on an ISP with unlimited traffic and space, the idea naturally came up to make a site from an already existing collection. Gradually, it became an important element of the viral scene, which always needed collectors to maintain continuity and a place to show off their skills to their peers. Generations of hackers changed, and sooner or later this ideal period had to end. <\/p>\n

In 2012 my project attracted the attention of the then newly created DKIB SBU<\/a> [Ukraine counterintelligence authority]. These guys were not looking for lost causes but for brighter minds, and they expected to recruit me in order to find out what happens in the hacker community. After a categorical refusal, the Chekists [special services] organized a criminal case<\/a> under article 361-1 [a law concerning the spread of computer viruses], but everything went not as they expected, and instead of \u201ccooperation\u201d they got a small, but quite a noticeable scandal<\/a>. <\/p>\n

The case crumbled during the pre-trial hearing during which they attempted to make their case and it never reached the court. After that, I moved to Kyiv, changed my specialty to information security, and the site [VX Heaven] was supported by \u201cDahmer\u201d for some time, this time on a bulletproof hosting, to get rid of intrusive attention. A lot has changed in twenty years, and as someone famously joked at LovinGod\/SGWW [one of the most famous post-Soviet viral groups], VX Heaven has become the \u201cportable coffin of the VX scene.\u201d And it\u2019s true, the hacker scene that formed in the early \u201880s and peaked in the early \u201800s has just ceased to exist in its usual form. However, it is a part of our history that I would like to keep.<\/p>\n

\n
\n
\n

vx-underground would not exist if not for the original VX historian herm1t. He was the first to aggregate malware related material in a centralized location and inspired thousands of people. He is on Twitter.<\/p>\n

Pay homage to @vx_herm1t<\/a>. The founder of VxHeaven.<\/p>\n

\u2014 vx-underground (@vxunderground) January 11, 2021<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

DS: <\/strong>You are<\/strong><\/a> a member of the <\/strong>Ukrainian Cyber \u200b\u200bAlliance<\/strong><\/a> and <\/strong>RUH8<\/strong><\/a>. Tell us about these organizations and your role in them.<\/strong><\/p>\n

AB: <\/strong>In 2014, after the Revolution of Dignity and the flight of [Ukrainian President Victor] Yanukovych, Russia annexed Crimea and invaded Donbas. Almost immediately after the start of the war, a Russian \u201cCyberBerkut<\/a>\u201d appeared, imitating hackers. And the Ukrainian intelligence services also became interested in what can be done with the help of the internet, while their practical preparedness, both in the field of defense and in the field of attack, was practically zero. Throwing a tracker picture<\/a> was the maximum of their capabilities. And, realizing that with such \u201cspecial equipment\u201d you won\u2019t get far, they began to turn to specialists from the private sector, including Tim \u201cJeff\u201d Karpinsky and me. <\/p>\n

Despite previous disagreements, we decided to help our state a little. And already in March and April [2014], we managed to hack a couple of suitable targets, for example, the mail of Alexei Karyakin<\/a> from the \u201cLNR,\u201d [Luhansk People\u2019s Republic] since then he has been wanted for treason, or the hacking of the State Duma in April 2014. A year later, we decided to somehow streamline our hacking activity and called ourselves RUH8<\/a>. <\/p>\n

In 2016, several hacker groups united around InformNapalm, and the Ukrainian Cyber \u200b\u200bAlliance<\/a> was born. It included Falcons Flame, Trinity, and Cyberjunta. When I made the RUH8 site in the fall of 2015, I wrote a little \u201cold school\u201d intro on the main page, more like a parody of the old hacker groups with \u201cpresidents\u201d and \u201cpublic relations departments,\u201d so the hackers laughed at the corporate culture. In this text, I called myself the \u201cpress secretary\u201d of the new hacker group and the joke seemed very funny to me, however, after the May hacks of the \u201cDPR\u201d [Donetsk People\u2019s Republic, a separatist region backed by Russia] and the mega-scandal arranged by the Myrotvorets<\/a> [Peacemaker] around the list of journalists that messed up our #OpMay9<\/a>, it was simply necessary to explain who we are, what we do and what our goals are. <\/p>\n

I discussed the first interview for the Focus magazine with the team, then, as the positions were determined, I began to communicate with the press on my own. After #SurkovLeaks<\/a> hit the news as a kind of \u201ccounter-attack\u201d after Russian interference in the U.S. elections, the initially parodic position of the press secretary turned into a hard daily job. <\/p>\n

DS: Is there cooperation between the Cyber \u200b\u200bAlliance (and the Ukrainian cyber community) and the government (Viktor Zhora, the head of the cybersecurity agency, in particular)?<\/strong><\/p>\n

AB: <\/strong>There has always been a connection between the cybersecurity community and the state, so already at the very beginning of the war in 2014, Kostya Korsun, the former head of CERT-UA [Computer Emergency Response Team of Ukraine] and co-founder of the Ukrainian Information \u200b\u200bSecurity Group [UISG], organized a meeting. Employees of the SBU, the Ministry of Internal Affairs, and the State Special Communications Service came to it because it was immediately clear that the efforts of state institutions to counter Russia was not enough, and then the exchange of information continued, both informally \u2014 at the UISG and NoNameCon conferences, and more formally, when in 2019 we were invited to a meeting in the National Security Council dedicated to cybersecurity. We have known Viktor Zhora for a long time, ever since he was in business, and despite the difference in opinions about certain events, communication continues.<\/p>\n

\n

\u201cThe differences between IT and conventional war are becoming less obvious. And I believe that if it is quite acceptable to disable the power plant, then opening the spillway of the dam, which will simply wash away thousands of civilians, no matter how you look at it, will be a war crime, and it does not matter whether partisans or the military carry out such sabotage.\u201d<\/p>\n

\u2014 Andrey Baranovich<\/em><\/cite><\/p><\/blockquote>\n

DS: On February 26, 2022, you made a social media <\/strong>post<\/strong><\/a> about searching for initial access to the networks. What I found interesting is the list of what not to do. Tell me in detail about ethical standards in cyberspace during a military conflict. Has your attitude changed after six months of the war?<\/strong><\/p>\n

AB: <\/strong>First of all, with the beginning of a full-scale war, the goals have changed. Previously, we called ourselves hacktivists, in addition to collecting useful information, we tried to promote a certain civic position: \u201ceverything they can do to us, we can do to them\u201d; and \u201cthere is nothing to negotiate with Russia,\u201d \u201cRussia is incapable of negotiating, and even if an agreement is reached, which is a mistake in and of itself, the agreements will be violated;\u201d \u201ccybersecurity in Ukraine is not given enough attention,\u201d and \u201cUkraine needs not only volunteers but also official cyber troops.\u201d <\/p>\n

Now everything is different, it is no longer activism. Those ideas that I spoke about have become commonplace, on the verge of banality: a rose is a flower, oak is a tree, Russia is our enemy, Ukraine needs not just peace, but victory. Now we are closer to the guerrillas than to the activists in Guy Fawkes masks. With so many new players joining the cyber war, the debate over what is and isn\u2019t allowed is immediately on the rise. <\/p>\n

On the one hand, researchers pay too much attention, I think, to the legality or illegality of distributed denial-of-service [DDoS] attacks carried out by the Ukrainian \u201cIT Army.\u201d Yet the fact that the Russian GRU [Main Intelligence Directorate] and FSB [Federal Security Service] are more active than ever, and sometimes use Russian groups as a cutout to leak information, is not included in the scope of these questions. On the other hand, Viktor Zhora, at a recent conference in Las Vegas, accused<\/a> the Russian Federation of nothing less than military cyber crimes. From the point of view of international law, this is a gray area \u2014 the Russian military, the GRU and the FSB have been attacking civilian objects for years, starting with Prykarpattyaoblenergo and the Severnaya<\/a> substation, including the hacking of Diya<\/a> on January 14, however, no matter how great the damage was (in the case of NotPetya, it reached, according to the White House, the mark of $10 billion) it is not comparable to a missile attack. <\/p>\n

\u201cCyber\u201d has always fallen just a little short of conventional war, nevertheless, the differences between IT and conventional war are becoming less obvious. And I believe that if it is quite acceptable to disable the power plant, then opening the spillway of the dam, which will simply wash away thousands of civilians, no matter how you look at it, will be a war crime, and it does not matter whether partisans or the military carry out such sabotage.<\/p>\n

DS: What do you think of the KillNet faction and the like?<\/strong><\/p>\n

AB:<\/strong> With Russian hacker groups, everything is difficult, because the Russians managed to impose a certain point of view. Often they write \u201cpro-Russian hacker group.\u201d Cyberberkut and Beregini are not hacker groups that work in the interests of the special services, these are the Russian special services personas, they were mimicking Anonymous, then supposedly Ukrainian hackers who support Russia, this is all deliberate disinformation, part of their usual way of dealing with \u201cactive measures,\u201d forged documents and anonymous stuffing. <\/p>\n

I am glad that numerous Russian black hats are still trying to stay away from politics and continue business as usual; on the other hand, the fierce hype that accompanied the emergence of the Ukrainian \u201cIT army\u201d provoked symmetrical movements \u2014 Killnet, Xaknet, FRWL and even \u201cAnonymous Russia\u201d (which is very funny in itself). Some of the hacks that these groups publish may not be their work at all. For example, I am almost sure that the leak of the document flow of the Ukrainian Ministry of Foreign Affairs is the consequence of the GRU attacks<\/a> on January 14 and February 23. <\/p>\n

Other hacks are really theirs \u2014 apart from a few smart hackers who really are present there, the rest are not of the slightest interest. I just don\u2019t see the slightest point in DDoS-ing thousands of targets in turn, putting each one down for a few hours. This is not cyber war, but cyber hooliganism, throwing virtual trash cans and benches at the entrances to supermarkets.<\/p>\n

DS: How do you assess the work of the Belarusian Cyber Partisans?<\/strong><\/p>\n

AB: <\/strong>I really liked some of their hacks, we communicate.<\/p>\n

DS: How well protected is the critical infrastructure of the Russian Federation and Ukraine in 2022?<\/strong><\/p>\n

AB: <\/strong>We started asking the same question in 2017, after NotPetya. Then a law<\/a> \u201con the basics of cybersecurity\u201d appeared, and officials, as is customary with any officials, immediately began to say: you see, before everything was not very good, but now everything will be fine! This is a kind of legalism, the belief that the law is enough to affect reality. In such cases, I advise you to pass laws on the growth of the economy, victory in the war, and in general, it would be nice if the criminals themselves came to the police, otherwise it would be illegal. <\/p>\n

\n
\n
\n

just because I’m paranoid doesn’t mean they’re not out to get me. a bit chilling, less chilling than “Government-backed attack alerts” (seen ’em too) pic.twitter.com\/3mkJZcHIMt<\/a><\/p>\n

\u2014 herm1t (@vx_herm1t) January 19, 2021<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Oh, wait\u2026 But these are all words, after that we started the flash mob #FuckResponsibleDisclosure, searching for vulnerabilities in the public sector, without hacking, and then publishing them. The first \u201cvictim\u201d was CERT-UA, they forgot the password for the mail account on the site. Other \u201cvictims\u201d include the Academy of the Ministry of Internal Affairs which stored a database of teachers and students on a passwordless disk, the Kyiv police, a dozen ministries \u2014 justice, education, health, presidential administration, documents of all candidates from the civil service agency, critical infrastructure, including water and electricity, up to and including a nuclear power plant. There is no \u201csecurity,\u201d however, the officials stubbornly did not want to admit their mistakes and did not want to move from denial to acceptance, arguing that \u201cthis is not ours, that it is ours, but old, not old, but unimportant, and so on.\u201d <\/p>\n

They even attempted to fabricate criminal cases, in 2018 (\u201cMinistry of Justice\u201d) and 2020 (\u201cOdessa Airport<\/a>\u201d). The cases fell apart and also did not reach court. After the power in Ukraine changed and the \u201cdigitalization\u201d program began, things got even worse, and the worst forecasts<\/a> were confirmed<\/a> in January 2022, when Russian special services hacked Diya<\/a> and almost the entire cabinet. I hope that now Deputy Prime Minister Fedorov\u2019s catchphrase that \u201cthe role of cybersecurity is greatly exaggerated\u201d is no longer relevant and the attitude towards security has changed significantly. The public sector has always been defended by the fact that from a commercial point of view this is an extremely unprofitable target, the risks associated with it are significantly higher than the benefits, plus the ban on \u201cworking for the CIS\u201d [Commonwealth of Independent States] on black sites is part of a long-standing compromise between black hats and special services. <\/p>\n

In Russia, everything is the same, only a little more money and a little more order, but the defense is actually in a deplorable state, and the decisions made (\u201ccyber defense headquarters,\u201d \u201ccyber centers,\u201d \u201cNKTsKI [National Coordination Center for Computer Incidents],\u201d \u201csovereign Internet\u201d and \u201cblack boxes of the FSB\u201d) are completely ineffective. We sat on one of our targets for a year and a half, helping to support the system administrators, warding off stray hackers, and helping to pass the FSB audit. The Russian Federation should think twice before throwing stones in a glass house.<\/p>\n

\n

\u201cNo matter how trite it may sound, cyber operations have long been a part of military operations. And although the results are sometimes not as noticeable as in the case of artillery or aviation, they are also needed.\u201d<\/p>\n

\u2014 Andrey Baranovich<\/em><\/cite><\/p><\/blockquote>\n

DS: What attack do you remember the most?<\/strong><\/p>\n

AB:<\/strong> I think that the most interesting attacks are yet to come, but there were many funny moments. Somehow we, with Falcons Flame [FF], lacked a phone number to hack our target, and I wrote a letter to the right person: \u201cSend your number, urgent.\u201d He shared and immediately said goodbye to all his accounts. The same FF somehow a raised a phishing site, a \u201csocial network for Novorossiya,\u201d where there was nothing but a registration page, and all the public cheerfully began to register there. There are so many stories like this, that it\u2019s hard to pick just one.<\/p>\n

DS: If you were appointed to the position of Cyber \u200b\u200bTsar of Ukraine, what would be the first thing you would change in the information security of the country?<\/strong><\/p>\n

AB:<\/strong> I think the two main problems are over-regulation and complete irresponsibility. As in other post-Soviet countries, officials have been building barriers out of the blue for years in order to raise and lower them for money, piled up yet another \u201cnational\u201d and \u201csingle\u201d registers in order to collect information that they don\u2019t really need, and of course, when there are 100,000 state and municipal institutions and enterprises and 200,000 IT specialists in the country, it is physically impossible to ensure the security of all these facilities. <\/p>\n

So, I am sure that, first of all, it is necessary to reconsider the approach to public administration and deprive the state of useless and unusual functions. For example, I do not understand why we have a register of providers, but no register of bakeries and hairdressers. Then abandon hyper-centralized solutions, but also avoid complete fragmentation, when each state shop builds its own information system. So if a dozen private integrators appear who will serve the public sector, with clearly-defined responsibilities of the parties, then the situation will change for the better.<\/p>\n

DS: What tools and infrastructure do you use in your work?<\/strong><\/p>\n

AB:<\/strong> The same tools used by red teamers, but since we have developers, we add everything that\u2019s missing on our own. For example, the experience of the virus scene was very useful to me, although at that time I thought that this was one of the most harmless and abstract hobbies on earth, like assembling boats in a bottle.<\/p>\n

DS: Is it really possible to change something in geopolitics by launching DDoS attacks and publishing leaks from the websites of various departments and corporations? Do you feel the effect of hacktivism?<\/strong><\/p>\n

AB:<\/strong> Even DDoS attacks can be useful, for example, Putin\u2019s speech at an economic forum was delayed due to a DDoS attack \u2014 a public humiliation and a clear signal that Russia cannot protect even such an important event. When Peskov begins to move his mustache and say<\/a> that Surkov \u201cdoes not use e-mail\u201d \u2014 a completely visible effect, revealed information can influence the decisions made by politicians. We found spies and saboteurs, and people went to prison or to the afterworld because something was hacked, so no matter how trite it may sound, cyber operations have long been a part of military operations. And although the results are sometimes not as noticeable as in the case of artillery or aviation, they are also needed.<\/p>\n

DS: What will the thousands of young specialists, whom the war has taught new methods of solving certain problems, do when the hostilities are over?<\/strong><\/p>\n

AB:<\/strong> I think that the number of specialists is strongly exaggerated, but many, I believe, use the acquired knowledge in the information security business.<\/p>\n

DS: Do you have friends who left the keyboard and took the weapon? <\/strong><\/p>\n

AB:<\/strong> Of course. Mobilization continues in the country, and many friends and acquaintances are now in the army, some use their knowledge in communications or information security troops, and some are fighting.<\/p>\n

DS: Tell me a secret, what\u2019s on the <\/strong>hard drives<\/strong><\/a>?<\/strong><\/p>\n

AB:<\/strong> Hacked information from Russia. There is a lot. Russian hackers have become a kind of brand, but Ukrainian hackers are no worse. Russia will pay dearly for the war it started.<\/p>\n

\n
\n
\n
\n

Mission-driven and Russian-speaking intelligence analyst with type A personality. Dmitry has twenty years of experience and expertise in cybercrime activity that includes being a former member of an elite Russian-based hacking organization.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":48316,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9885],"class_list":["post-48315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentrussiacyberwarmilitary"],"yoast_head":"\nAn Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-06T16:15:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/therecord.media\/wp-content\/uploads\/2022\/09\/hermit.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks\",\"datePublished\":\"2022-09-06T16:15:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/\"},\"wordCount\":3463,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png\",\"keywords\":[\"headline,hacker,government,russia,cyberwar,military\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/\",\"name\":\"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png\",\"datePublished\":\"2022-09-06T16:15:02+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png\",\"width\":1084,\"height\":616},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,russia,cyberwar,military\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentrussiacyberwarmilitary\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/","og_locale":"en_US","og_type":"article","og_title":"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-09-06T16:15:02+00:00","og_image":[{"url":"https:\/\/therecord.media\/wp-content\/uploads\/2022\/09\/hermit.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks","datePublished":"2022-09-06T16:15:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/"},"wordCount":3463,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png","keywords":["headline,hacker,government,russia,cyberwar,military"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/","url":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/","name":"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png","datePublished":"2022-09-06T16:15:02+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks.png","width":1084,"height":616},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/an-interview-with-ukranian-hacker-herm1t-on-countering-pro-kremlin-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,russia,cyberwar,military","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentrussiacyberwarmilitary\/"},{"@type":"ListItem","position":3,"name":"An Interview With Ukranian Hacker Herm1t On Countering Pro-Kremlin Attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48315"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48315\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48316"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}