Researcher leaked Conti’s internal chat messages in response to its support to Russia

A Ukrainian researcher leaked tens of thousands of internal chat messages belonging to the Conti ransomware operation.

A Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia.

Researchers from cybersecurity firm Hold Security confirmed that the researcher was able to access the database XMPP chat server of the Conti group.

The leak was also reported by the popular malware researcher Vitali Kremez through BleepingComputer.

The messages are only related to chat conversations since January 21, 2021, their analysis coulg give analysis precious information about the operations conducted by the group, including unreported victims due to private deals with companies that opted out to pay the ransom avoid the public disclosure of the security breach.

These conversations contain various information about the gang’s activities, including previously unreported victims, private data leak URLs, bitcoin addresses, and discussions about their operations.

BleepingComputer reported the existence of conversations about TrickBot’s Diavol ransomware operation and 239 bitcoin addresses containing $13 million in payments.

Clearly the attack against the Conti ransomware and the data leak is a retaliation for its support for the Russian invasion of Ukraine. The attack will have a significant impact on the operation of the gang, considering also that many Conti’s affiliates are Ukrainian groups.

The researchers who leaked the data belonging to Conti’s communications announced more dumps are coming.

Ukraine is recruiting a volunteer IT army of cyber security experts and white hat hackers to launch cyberattacks on a list of Russian entities. The list is composed of 31 targets including Russian critical infrastructure, government agencies, banks, hosting prividers.

Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov called to action against Russia attempting to create an “IT Army” to launch a massive offensive against Russia.

A Telegram channel was used to coordinate the efforts and plan the cyber-attacks that will be conducted by the IT Army.

Below a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Conti Ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]