A Ukrainian researcher leaked tens of thousands of internal chat messages belonging to the Conti ransomware operation.
A Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia.
Researchers from cybersecurity firm Hold Security confirmed that the researcher was able to access the database XMPP chat server of the Conti group.
conti jabber leaks https://t.co/0FzXiXhI2d— conti leaks (@ContiLeaks) February 27, 2022
BREAKING: @HoldSecurity tells me Conti’s systems have been infiltrated by cybercrime researchers for some time. The data was dumped by a Ukrainian cyber security researcher pissed off after Conti expressed support for Russia in the conflict. #infosecurity— The Ransomware Files (@ransomwarefiles) February 28, 2022The leak was also reported by the popular malware researcher Vitali Kremez through BleepingComputer.
The messages are only related to chat conversations since January 21, 2021, their analysis coulg give analysis precious information about the operations conducted by the group, including unreported victims due to private deals with companies that opted out to pay the ransom avoid the public disclosure of the security breach.
These conversations contain various information about the gang’s activities, including previously unreported victims, private data leak URLs, bitcoin addresses, and discussions about their operations.
BleepingComputer reported the existence of conversations about TrickBot’s Diavol ransomware operation and 239 bitcoin addresses containing $13 million in payments.
239 Bitcoin addresses representing ~$13.1 million in payments from the Conti leak have been added to https://t.co/lBxHWCQm7S. The full dataset is available to download from the site.#ransomware #Conti— Ransomwhere (@ransomwhere_) February 27, 2022Clearly the attack against the Conti ransomware and the data leak is a retaliation for its support for the Russian invasion of Ukraine. The attack will have a significant impact on the operation of the gang, considering also that many Conti’s affiliates are Ukrainian groups.
The researchers who leaked the data belonging to Conti’s communications announced more dumps are coming.
Ukraine is recruiting a volunteer IT army of cyber security experts and white hat hackers to launch cyberattacks on a list of Russian entities. The list is composed of 31 targets including Russian critical infrastructure, government agencies, banks, hosting prividers.
Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov called to action against Russia attempting to create an “IT Army” to launch a massive offensive against Russia.
A Telegram channel was used to coordinate the efforts and plan the cyber-attacks that will be conducted by the IT Army.
Below a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective.
Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict
Follow me on Twitter: @securityaffairs and Facebook
try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini
(SecurityAffairs – hacking, Conti Ransomware)
The post Researcher leaked Conti’s internal chat messages in response to its support to Russia appeared first on Security Affairs.