Conti Ransomware Gang Internal Chats Leaked by Ukraine Security Researcher

Bitdefender Small Business Security

A Ukrainian security researcher leaked 60,000 messages from Conti internal gang chats after its leaders posted an aggressive message on their website announcing that they’re siding with Russia over Ukraine’s invasion.

Conti’s siding with Russia didn’t sit well with the security expert, who hacked the gang’s Jabber/XMPP server and leaked several internal logs by sending emails to multiple security researchers and journalists.

Security experts confirmed the validity of the messages and believe that a researcher with access to Conti’s XMPP chat server “ejabberd database” backend leaked the data, according to BleepingComputer.

The leaked dataset contains 393 JSON files holding 60,094 messages between Jan. 21, 2021, and Feb. 27, 2022. Although it has a large chunk of the group’s internal chat communications, the database misses some of the messages, seeing as the gang started its operation in July 2020.

Reportedly, the leakers “promise it is very interesting” and mentioned that the internal chat messages are only a small part of a more significant upcoming Conti file leak.

Security researchers are still examining the group’s leaked chat messages but are optimistic, saying that having precious insight such as internal conversations can play a considerable part in analyzing crime groups’ Tactics, Techniques, and Procedures (TTP).

Apparently, the Russo-Ukrainian conflict drove a wedge between Russian and Ukrainian hackers, previously known to work side by side. Several groups are seemingly choosing sides, as several gangs announced plans to launch cyberattacks supporting one of the two sides.

Ukraine last week started recruiting individuals for an “IT Army” against Russian Entities. Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies, published an announcement on various hacking forums, calling on individuals to volunteer their skills and expertise and join the country’s cyber defense. Volunteers would apply via a Google Docs link and were encouraged to mention their specialties and professional references.