Ukrainian Launched Revenge Against Conti Hackers
Ukrainian dark web hackers and Russian hacking groups are dueling it out online, and both sides have entered the war being fought on the ground by Russian and Ukrainian soldiers. The hackers are tasked with launching cyber attacks, as well as preventing security breaches against government entities in both countries.
Many hacking communities have made their grievances known and publicly declared which country they are supporting in this ongoing war, which has now stretched into day seven since the Russian invasion of Ukraine began.
Conti Caught Fire Siding with Russia
One such cyber-soldier group is the infamous and powerful Conti ransomware hacking group. Just a few days ago, Conti issued a stark warning to Ukrainian hackers that they are ready to use all necessary hacking weapons to take on any hacker that dares to attack the Russian empire. The group released a public statement declaring war on its opponent “to strike back at the critical infrastructures of an enemy.”
In 2021, the Conti ransomware group wreaked havoc on 63 companies operating industrial control systems (ICS). The group mainly targets the industrial and manufacturing sectors through the BazarBackdoor stealth malware acquired from the TrickBot dark web hackers.
Conti Feels the Heat
However, while Conti is recognized as the most dominant ransomware group on the dark web, a Ukrainian researcher has been dealing some lethal blows to the Conti organization.
Notably, Conti threat actors are known for hijacking the private networks of scores of large corporations across the globe. Now the Conti ransomware group is getting a dose of its own medicine and has been forced to swallow some devastating bitter pills.
The Conti ransomware operation is now the target of a massive hack, with most of its internal activities being leaked publicly. In the information released online, its closely guarded ransomware source code, private conversations, and administrative panels are now in the public domain.
Twitter Handle @ContiLeaks
Reportedly, the leaked internal information released by the Ukrainian researcher was posted on a Twitter account dubbed @ContiLeaks. The devastating leak consists of 393 JSON files containing over 60,000 internal messages. The data was taken from the private XMPP chat server that recorded the private conversations of the Conti and Ryuk ransomware hacking groups.
The dark web hacking group’s private conversations for an entire year could now become the main focus of investigators and research analysts. Cyber security enforcement officials now have a golden treasure trove filled with information such as Conti’s bitcoin addresses and their attack strategies. In addition, the information revealed the hackers’ business model as well as how they evade law enforcement officials.
As the damaging Conti data continues to flow, 148 more JSON files with 107,000 internal messages dating from June 2020 onward were released on Twitter.
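A leak of this shape (hundreds of JSON files, each holding a year's worth of chat messages) is first approached by analysts as a triage problem: load the records, reject malformed entries, count who talks to whom, and pull out indicators such as bitcoin addresses for follow-up. The script below is an added example written for this article, not code from the leak or from any researcher; it assumes a simple record layout (`ts`, `from`, `to`, `body` keys per message) that is an assumption for illustration, and every message, sender and address in it is constructed rather than taken from the real files. Address matching is by regular expression only, so each hit is a candidate that still needs checksum validation before it is treated as a real wallet.

```python
"""Triage helper for chat exports stored as JSON arrays (added example)."""
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample values: neither string is a real bitcoin address.
LEGACY_SAMPLE = "1ExampLeAddr" + "X" * 22
BECH32_SAMPLE = "bc1qexampleaddr" + "0" * 27

# Assumed record layout for the example: one JSON array per file, each entry
# carrying "ts", "from", "to" and "body". The last record is deliberately
# malformed (bad timestamp) to exercise the skip path.
SAMPLE_JSON = json.dumps([
    {"ts": "2020-06-21T15:02:11", "from": "alpha@chat.example",
     "to": "bravo@chat.example", "body": "new target list is ready"},
    {"ts": "2020-06-22T09:41:03", "from": "bravo@chat.example",
     "to": "alpha@chat.example", "body": f"payment goes to {LEGACY_SAMPLE}"},
    {"ts": "2020-11-30T22:10:45", "from": "charlie@chat.example",
     "to": "alpha@chat.example", "body": "13 servers rotated, no issues"},
    {"ts": "2021-01-05T08:00:00", "from": "alpha@chat.example",
     "to": "charlie@chat.example", "body": f"use {BECH32_SAMPLE} from now on"},
    {"ts": "not-a-date", "from": "alpha@chat.example",
     "to": "bravo@chat.example", "body": "garbled export line"},
])

# Loose pattern for legacy (P2PKH/P2SH) addresses: Base58 alphabet, 26-35 chars.
BTC_LEGACY = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
# Loose pattern for bech32 addresses: "bc1" prefix plus the bech32 charset.
BTC_BECH32 = re.compile(r"\bbc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{25,62}\b")


def parse_messages(json_text):
    """Parse one exported file, dropping records whose timestamp is unusable."""
    messages = []
    for rec in json.loads(json_text):
        try:
            ts = datetime.fromisoformat(rec["ts"])
        except (KeyError, TypeError, ValueError):
            continue  # skip the bad record instead of aborting the whole file
        messages.append({
            "ts": ts,
            "from": rec.get("from", "?"),
            "to": rec.get("to", "?"),
            "body": rec.get("body", "") or "",
        })
    return messages


def extract_btc_candidates(text):
    """Return address-shaped strings found in a message body (unvalidated)."""
    return set(BTC_LEGACY.findall(text)) | set(BTC_BECH32.findall(text))


def summarize(messages):
    """Per-file summary: volume, senders, date range and address candidates."""
    senders = Counter(m["from"] for m in messages)
    candidates = set()
    for m in messages:
        candidates |= extract_btc_candidates(m["body"])
    stamps = [m["ts"] for m in messages]
    return {
        "count": len(messages),
        "senders": senders,
        "first": min(stamps) if stamps else None,
        "last": max(stamps) if stamps else None,
        "btc_candidates": sorted(candidates),
    }


if __name__ == "__main__":
    report = summarize(parse_messages(SAMPLE_JSON))
    print(f"{report['count']} messages, {report['first']} .. {report['last']}")
    for sender, n in report["senders"].most_common():
        print(f"  {sender}: {n}")
    print("address candidates:", report["btc_candidates"])
```

Across a real dump the same functions would be run over every file and the per-file summaries merged; the regexes are intentionally permissive, which is why the output is labelled as candidates and the short "13 servers" token in the sample is correctly ignored.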
New Ransomware Threat Actors
The ContiLeaks Twitter account also published the source code of Conti's administrative panel, the BazarBackdoor API, and screenshots of storage servers. However, the most damning item was Conti's password-protected archive. Now the Conti ransomware source code, builder, encryptor, and decryptor are public knowledge.
What's even more damaging to Conti is that another hacker cracked the archive's password and revealed it, granting public access to the source code of the Conti ransomware files. With the Conti ransomware operation now public knowledge, it remains to be seen how other dark web hackers will use the leaked source code to launch more ransomware attacks in 2022 for criminal gain.