Behind the stage: Conti Leaks before and after

The conflict in Ukraine has drawn significant attention from the cybersecurity community because of the cyberattacks conducted against Ukrainian infrastructure. One threat group that has increased its operations during this period is the Conti ransomware group.

Conti Ransomware Group is one of the most prominent threat groups active today. After the beginning of the conflict in Ukraine, Conti released a statement announcing that the group supports the Russian government. The statement was published on its website, as shown below.

Figure 1: Conti’s statement fully supports the Russian government.

Two days later (Feb. 27, 2022), a new Twitter account was created to publish a large log containing hundreds of thousands of Jabber and Rocket.Chat messages from the group's internal communications.

Figure 2: Conti leaks published online.

Several organizations have since conducted research worldwide, revealing some of the operations, TTPs, software and crimes associated with the threat group.

Although it is not the purpose of this article to present a full analysis of the entire leak, below we present some of the artifacts identified during this large-scale exposure of the malicious group.

Conti’s internal hierarchy

From a hierarchy graph produced by the Check Point research team, getting a high-level perspective of the teams and their responsibilities is

