Conti ransomware group's private chats leaked by pro-Ukraine member

February 28, 2022

The notorious Conti ransomware group, which has sided with Russia in the war in Ukraine, has had more than 60,000 private messages from its operation leaked to the public by a pro-Ukraine member.

After cybersecurity experts validated the leaked files, it became clear that the messages were extracted from the log server of the Jabber (XMPP) platform the Conti group uses for internal communication during its attacks. The individual who leaked them had gained access to the ejabberd database backend of the group's XMPP chat server.

There are currently 393 leaked JSON files holding about 60,694 messages, dating from January of last year to the present. Since the group began its operations in July 2020, the leaked files likely hold only a fraction of Conti's internal conversations.


Aside from the private conversations, the leak contains other critical data that could cripple the operations of the Conti ransomware group.


This data includes information about the group's activities and operations, data leak site URLs, data on new victims, and bitcoin addresses and transactions.

Below is a screenshot of the leaked JSON files:


Conti Ransomware Threat Group Private Chats Data Leak image 1


Some conversations in the leak show the group discussing how security researchers found out about their TrickBot operation being shut down, as well as about 200 bitcoin addresses that hold over $13 million worth of ransomware payments.
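Triaging a dump like this is mostly a parsing job: pull the indicators out of the chat bodies and attribute them to senders. The following is an added example, not code from the article or from the leak itself. It assumes the chat export is JSON lines with ts/from/to/body keys (an assumption; the real files may use different keys), reads them, extracts legacy and bech32 bitcoin address candidates and .onion hostnames, verifies the Base58Check checksum of legacy addresses so that look-alike strings are dropped, and counts messages per sender. The sample lines, the sender handles and the .onion hostname are all constructed for illustration.

```python
import hashlib
import json
import re
from collections import Counter

# Constructed sample, not the leaked data. Assumed shape (an assumption): one JSON
# object per line with ts/from/to/body keys; adjust the keys for the real files.
SAMPLE_JSONL = """\
{"ts": "2021-06-14T09:12:33", "from": "op1@jabber.local", "to": "op2@jabber.local", "body": "payment arrived at 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa, move it"}
{"ts": "2021-06-14T09:14:01", "from": "op2@jabber.local", "to": "op1@jabber.local", "body": "typo? 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb bounced"}
{"ts": "2021-06-14T09:20:45", "from": "op1@jabber.local", "to": "op2@jabber.local", "body": "new wallet bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"}
{"ts": "2021-06-15T11:02:10", "from": "op3@jabber.local", "to": "op1@jabber.local", "body": "post is up http://abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwx.onion/x"}
"""

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Legacy P2PKH/P2SH candidates (Base58Check), bech32 candidates, Tor v2/v3 hostnames.
LEGACY_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BECH32_RE = re.compile(r"\bbc1[ac-hj-np-z02-9]{25,59}\b")
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b")


def base58check_valid(addr: str) -> bool:
    """Decode a Base58Check string and verify its 4-byte double-SHA256 checksum.

    Used to drop regex hits that merely look like legacy bitcoin addresses.
    """
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' stands for a leading zero byte (e.g. the P2PKH version byte).
    body = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    if len(body) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = body[:-4], body[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def parse_messages(text: str) -> list:
    """Parse a JSON-lines chat export, skipping blank or malformed lines."""
    messages = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            messages.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a damaged line should not abort the whole triage run
    return messages


def extract_indicators(messages: list) -> dict:
    """Collect checksum-valid legacy addresses, bech32 candidates, .onion hosts
    and a per-sender message count from parsed chat messages."""
    btc, onions, senders = set(), set(), Counter()
    for msg in messages:
        body = msg.get("body", "")
        senders[msg.get("from", "?")] += 1
        for cand in LEGACY_RE.findall(body):
            if base58check_valid(cand):
                btc.add(cand)
        # bech32 hits are regex-only here; their checksum is not verified.
        btc.update(BECH32_RE.findall(body))
        onions.update(h.lower() for h in ONION_RE.findall(body))
    return {"btc": sorted(btc), "onion": sorted(onions), "senders": senders}


if __name__ == "__main__":
    found = extract_indicators(parse_messages(SAMPLE_JSONL))
    print(json.dumps({"btc": found["btc"], "onion": found["onion"],
                      "senders": dict(found["senders"])}, indent=2))
```

On the sample, the second address differs from the first in its last character and is rejected by the checksum, which is the point of decoding rather than trusting the regex. A bech32 checksum check is the natural next addition before acting on those hits; the real files would be fed to parse_messages one at a time and the results merged.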

Cybersecurity researchers and law enforcement stand to benefit from this leak, since it contains a large amount of sensitive information about Conti's operations.

When Russia began its invasion of Ukraine, the Conti ransomware group announced its full support for the Russian government. That support included a threat of retaliation against anyone who attempted to cyberattack Russia during the war, with a warning that the group would strike back at an adversary's critical infrastructure.

Some Ukrainian affiliates of Conti were dismayed by the group's backing of Russia, which put the group in a very difficult spot.

Even so, the initial statement had already sparked outrage among the pro-Ukraine members and drove them to break into Conti's XMPP backend server and leak the critical data.

Although the recent leak could have crippled the Conti ransomware group, experts still believe the gang will continue its malicious operations. This assessment follows the group's recent possession of the BazarBackdoor malware, which suggests the incident will only slow them down so far.
