Conti ransomware chats leaked by a insider in-support of Ukraine.

Conti ransomware gang pledged its allegiance to Russia’s invasion on Ukraine recently. However, like any other organization an insider from the Conti ransomware group has leaked the group’s internal chats now.

The chat logs for last 13 months containing conversations between affiliates, administrators and other members of the Russian ransomware group is published by VX-Underground, a malware research group. The leaked data has unprecedented insight into the Conti ransomware group operations.

The group that leaked the insights said ‘Glory to Ukraine’ in their message.

Diving into Conti ransomware leaked chats and conversations

The leaked data show that Conti ransomware operators created fake companies to schedule product demos with security firms like Sophos, CarbonBlack and few others to receive the code signing certificates with their development team working in SCRUM sprints accordingly to accomplish the development.

Furthermore, Conti is found to have close relationship with TrickBot and Emotet malware operators as well. Though Emotet was shutdown a while back, the TrickBot infrastructure was used to bring Emotet back online. More details can be found on ContiLeaks.

While Russian and Ukrainian troops are shelling and battling on the ground there are these cyber troops picking side with either of these countries including state sponsored hackers, anonymous, Conti ransomware groups, malware actors, Ukrainian IT army and more.

It is also to be noted that the Conti ransomware also warned entities that go against Russia or deploy cyberattacks on Russian entities will face several targeted attacks on their critical infrastructure from the Conti threat actors.

The Ukrainian IT army on the other hand mentioned in their Telegram channel that several Russian organizations and networks is actively being hit with DDOS attacks. Furthermore, hackers from Belarus who go by the name Cyber Partisan have attacked Russian train network affecting their troop movements and another group called AgainstTheWest has breached multiple Russian organizations and websites.

Meanwhile, we also have Anonymous that declared Cyber War on Russia recently and took down multiple news services including Russian oil giant Gazprom.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Twitter, and Reddit.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.