by uname_amiy 1803 days ago
The ransomware has code which avoids computers that use Russian[1]

[1]: https://twitter.com/MalwareTechBlog/status/14129099009512202...

3 comments

Why link to a tweet of a screenshot of a story about the report?

This is the source. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-b...

And as far as I can tell they just arbitrarily claim that without evidence. The way they say it also makes it sound like a partial list of blocked languages, based on former USSR countries like Syria.

Syria is not a former USSR country my dude.
I'm aware, that's what the report says.
They were very much a Soviet-bloc ally.
Syria has a lot of ties with Russia.
You think that they don't attack Russian/Ex countries and "Syria" means that claim they are Ex/Russian related is arbitrary?

They famously released Syrian data for free, a month or so later added the Syrian language to the ransomware -

https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcra...

I'm saying they provide no evidence for the claim. They spend a long time going over what is in the config, which they link to, then just say "and they don't target these languages."

Your link's supposed anonymous forum post is better evidence, though its only evidence on the Syria claim is an unlinked announcement and the actions of a group they guess is related.

More on this:

> When Russian hackers do target victims in Russia, Moscow’s response is swift and harsh. In 2012, eight men were arrested by Russian police after stealing some $4 million from several dozen banks, including some in Russia. According to security blogger Brian Krebs, “Russian police released a video showing one of the suspects loudly weeping in the moments following a morning raid on his home.”

https://carnegieendowment.org/2018/02/02/why-russian-governm...

Apparently, just having a Russian keyboard defined, but not active, provides some defense. And this detection code is apparently in many ransomware packages, not just for this group.
I had this when doing some work for a company that worked in China. I had to use a Chinese Android app, but because I can’t read it I infected my machine with all kinds of malware. The app even had 100k downloads so my guard wasn’t up. I think it was some Chinese version of YouTube I needed.

Apparently the malware kicked in because I didn’t have a Chinese keyboard.

After that a Chinese friend helped me install the right app and avoid some pitfalls.