Staff Think Conti Group Is a Legit Employer – Podcast

Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Considering the fact that then, scientists have been poring around the group’s secrets and techniques, which includes a huge trove of chat logs and other doxxed knowledge, including source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s administrative panels.

ContiLeaks printed these inner documents just after the ransomware group’s leaders posted an aggressively pro-Russian concept on their official web page in the aftermath of Russia’s invasion of Ukraine.

Very last 7 days, BreachQuest published the results of its week-very long deep dive into the details. In essence, BreachQuest located that Conti Team operates like a legitimate, over-board large-tech company that hires and even fires contractors and salaried staff members alike.

The dump enabled researchers to sketch out a chart demonstrating vital figureheads and the roles they participate in to expand Conti’s organization, as well as details on:

• Earnings and prices
• How they recruit
• Who are the leaders
• Who they focus on: little as properly as huge targets
• How they focus on and escalate attacks and how they get payments
• How they obtain their victims
• Undertaking Blockchain – Conti group’s hard work to make its possess altcoin and
• A additional comprehensive being familiar with of the instruments utilised to spy on and compromise victims.

Marco Figueroa, head of solution at BreachQuest, dropped in on the Threatpost podcast to give us some of the intelligence gleaned from the leaked chat logs. People logs show that more than the course of 13 months, Conti expended about $6M on income, month to month bonuses, tooling and services.

Its HR team is indicative of how skillfully Conti team conducts business enterprise: They present “employee of the month” and general performance evaluate courses.

In quick, Conti team considers by itself a genuine corporation. Lots of of its staff members don’t even know they are operating for a cybercriminal outfit. Some almost certainly select to appear the other way, but the turnover is nevertheless large.

Which is likely just one reason why Conti’s teaching elements are the finest Marco’s ever seen: The team demands to document strategies since they continually have to teach new contractors.

In reality, security groups on their own should really take the coaching, Marco suggests, to find out how the specialists productively teach their regrettably top-notch cyberattackers.

By the way, just after BreachQuest’s report was published, Marco acquired a phone get in touch with from Russia: a initially for him, he explained. Both Conti’s a admirer of  BreachQuest’s exploration, it was a incorrect number, or hey, who understands? Perhaps its HR team is expanding its outreach.

You can down load the podcast down below or pay attention here. For extra podcasts, check out out Threatpost’s podcast website.

Transferring to the cloud? Uncover rising cloud-security threats along with solid advice for how to defend your assets with our No cost downloadable E book, “Cloud Security: The Forecast for 2022.” We examine organizations’ prime threats and troubles, greatest tactics for protection, and suggestions for security results in these a dynamic computing natural environment, together with useful checklists.