28 February 2022

Ukrainian hacker leaks Conti ransomware operators’ internal conversations


A Ukrainian security researcher has leaked thousands of internal messages belonging to members of the Conti ransomware group after the cartel announced its full support of the Russian authorities and threatened to strike back at the critical infrastructure of any enemy that organizes a cyberattack or any war activities against Russia.

The gang, however, later softened its rhetoric, saying that “we do not ally with any government and we condemn the ongoing war,” although the team maintained that it “will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.”

Security researchers have confirmed the validity of the leaked data. The information was leaked by a security researcher who had access to the "ejabberd database" backend for Conti's XMPP chat server.

The leak includes 393 JSON files containing a total of 60,694 messages from January 21, 2021, through February 27, 2022. These messages contain various information about the gang's activities, including previously unreported victims, messages confirming the shutdown of the TrickBot botnet earlier this month, private data leak URLs, bitcoin addresses, and discussions about their operations. The leaked conversations are available here.

Cybersecurity Help’s statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war!


