Conti ransomware gang chats leaked by pro-Ukraine member


A member of the Conti ransomware group, believed to be of Ukrainian origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site on Friday, in the aftermath of Russia’s invasion of Ukraine.

The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists and security researchers.

Dmitry Smilyanets, a threat intelligence analyst for Recorded Future, who has interacted with the Conti gang in the past, has confirmed the authenticity of the leaked conversations.

The leaked data contains 339 JSON files, with each file consisting of a full day’s log. Conversations from January 29, 2021, to today, February 27, 2022, have been leaked and can be read online here, courtesy of security firm IntelligenceX.

Image: leaked Conti chats (The Record)

“We promise it is very interesting,” the leaker wrote in the email sent earlier today.

They said the leak is also the first part of a larger set of Conti-related files they plan to release in the future.

Conti admins misstepped; LockBit did not

But the leak is also the result of days of turmoil in the cybercriminal underground, where the Russo-Ukrainian conflict has divided the community.

While Russian and Ukrainian hackers previously worked side by side, this fraternity has been under strain since Tuesday, with several groups choosing sides in the armed conflict between the two countries.

Several gangs have come forward to announce plans to launch cyberattacks in support of one of the two sides, with Conti being one of the many gangs that chose to side with Russia.

“The Conti Team is official announcing a full support of Russian government,” the group said in a very aggressive message posted on Friday.

“If any body will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy. [sic]”

According to FellowSecurity, this aggressive pro-Russian message is what led to one of the gang’s members rebelling and leaking internal chats.

The Conti administrators realized their blunder hours later and tried to fix things by editing their blog post to have a more neutral tone, but by that point, the damage had been done.

Image: Conti's message in support of Russia (The Record)

The internal Conti drama and the leak appear to have taught other gangs not to make the same mistake. For example, in a very neutrally worded message posted earlier today, the LockBit gang said they were not going to choose any sides.

“For us it is just business and we are all apolitical. […] We are only interested in money for our harmless and useful work,” they said.

The post Conti ransomware gang chats leaked by pro-Ukraine member appeared first on The Record by Recorded Future.
