In the mysteries of Conti, cybercriminal SME

By Florian Reynaud

Published today at 08:00

“It’s not a DNS server, what the hell are you doing?” It’s September 30, 2020, and a struggling hacker with ties to a major criminal group is being scolded by what appears to be his partner. For more than a week the two men have been discussing online a potential victim, a large company in the film industry whose network they seek to take control of. Their goal is to exfiltrate data and then deploy ransomware, a tool that will paralyze the entire system. If they succeed, they will then display a ransom note on one or more screens on the network, asking the victim to pay up to several tens of millions of dollars to obtain the decryption key.

These dozens of documents span a two-year period

This exchange is part of an unprecedented mass of communications between members of Conti, one of the largest cybercriminal groups in the world, which were stolen and disseminated online starting February 28, and which Le Monde has consulted. These dozens of documents, containing a total of tens of thousands of lines of text in Russian, span a period of two years and come from several different messaging services.

The origin of this leak is uncertain. Some experts have speculated that it was a Ukrainian partner of Conti angered by the statements in favor of the Russian government published on the group’s official blog, while the Twitter account “ContiLeaks” presents the person behind the leak as a computer security researcher. In recent months, specialized media and companies had already begun to publish very sensitive information about Conti, lending credence to the theory of an undercover investigator.


A hundred employees

These documents confirm, in any case, the daunting size of this criminal organization compared to other cybercriminal groups. “When we talk about cybercrime, we imagine a 25-year-old,” underlines David Sancho, an analyst on the research team of the company Trend Micro. “In reality, here, he is a man in his fifties with two children at university who works in an office with a hundred people.” An internal message published in July 2021 by one of the group’s leading figures, nicknamed “Mango”, mentions nearly a hundred employees, including sixty-two in the main team.

The members of the gang must manage a constant flow of recruitment and even have, for this purpose, human resources managers to conduct job interviews, as in a traditional company. While many recruitments take place on private Russian-speaking forums, Conti has, as the company Check Point points out, diversified its methods, directly contacting developer profiles, for example on Russian job sites such as Headhunter.ru. According to some discussions consulted by Le Monde, the organization would even rent physical offices. “Hi, operators are coming to the new offices,” explains, for example, Stern, suspected of being the boss of the group, in a message of October 2, 2021. “We have two offices, they are large and quiet,” details another member in a conversation.
