Ukrainian hacker leaks Conti ransomware internal chats after gang sides with Russia

Ukrainian security researcher leaks Conti ransomware internal chats after gang sided with Russia

Leaked messages detail previously undisclosed victims, bitcoin addresses, private data breach URLs and discussions of the gang's actions

A Ukrainian security researcher with access to the Conti ransomware group's chat server has leaked the group's internal chats after it sided with Russia over the invasion of Ukraine.

The researcher hacked the gang's internal Jabber/XMPP server and sent internal logs to multiple security researchers and journalists.

The identity of the researcher is unknown, but earlier reports in the press and on social media have suggested that the leaker was a disgruntled Conti affiliate, which appears not to be the case.

As reported by Bleeping Computer, there are 393 leaked JSON files in all, with each file including a full day's data.

These files contain 60,694 messages dating from 21 January 2021 to 27 February 2022 and include information on previously undisclosed victims, bitcoin addresses, private data breach URLs and discussions regarding the gang's actions.

The disclosure comes on the heels of Conti's aggressive message on Friday, in which the group declared its full support for President Vladimir Putin's decision to attack Ukraine.

The Russian military invaded neighbouring Ukraine from three sides on Thursday, in the worst attack on a European state since World War II.

The Conti group warned in its message that if anyone planned a cyberattack or any war operations against Russia, the group would use all available resources to strike back against an enemy's critical infrastructure.

Following the disclosure of its internal documents, the gang edited its statement to indicate that it does not ally with any government and condemns the current conflict.

Conti began its attacks in 2019 and has since been accused of ransomware attacks on a number of firms in the United States and Europe, including on the Irish Health Service and high street chain Fatface.

The revelation of its private discussions is a major setback for the group's ransomware operation. It also demonstrates how divided the underground hacker community has become as a result of Russia's invasion of Ukraine. Several groups have come forward to announce their support for one of the two sides, with Conti being one of these.

Last week, it emerged that the Ukrainian government had asked volunteers from the country's hacker underground to assist in protecting critical infrastructure and spying on Russian forces.

The Anonymous hacker collective has declared its support for Western allies, stating that it would solely attack Russian operations.

On Thursday, Anonymous claimed on Twitter that it had taken down multiple websites affiliated with the Russian government.

Among them was RT, a state-run news outlet that reportedly confirmed it was the target of a distributed denial-of-service (DDoS) attack.

Anonymous' actions came hours after Yegor Aushev, co-founder of a Kyiv-based cybersecurity firm, told Reuters that a top Ukrainian Defence Ministry official had asked him to issue a call for help within the hacker community. The Defence Ministry, according to Aushev, is looking for both offensive and defensive cyber actors.

On Friday, Anonymous claimed to have successfully breached and published the database of the Russian Ministry of Defence website, as well as uploading private data of the Russian MoD.

The tweet was later removed because it "violated Twitter Rules," according to the social media site.

Ghost Security, commonly known as GhostSec, is another hacker group that has allegedly disclosed its support for Ukraine. The group is said to be a branch of Anonymous.

Meanwhile, Ukraine continues to be targeted with DDoS attacks, phishing attempts and malware.

According to CERT-UA, military members are being sent phishing messages in a campaign that is being run by officials from the Belarus Ministry of Defence.

Internet service remains patchy across the country, with Netblocks reporting disruptions in various cities.