The Cyber Security News

Ukraine-Russia Cyber Warzone Splits Cyber Underground

February 28, 2022

A pro-Ukraine Conti member leaked 13 months of the ransomware group's internal chats, as cyber actors on both sides rush to pick a team.

The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member leaking 60,000 of the group's internal chat messages online.

On Monday, vx-underground, an online collection of malware source code, samples and papers that is generally regarded as a benign entity, shared on Twitter a message from a Conti member stating that "This is a friendly heads-up that the Conti gang has just lost all their sh•t."


The gang has also, apparently, lost a cache of chat data: the first dump of what the poster promised would be many "very interesting" leaks from Conti's Jabber/XMPP server.

"F•ck the Russian govt, Glory to Ukraine!" proclaimed the Conti member, who is reportedly believed to be Ukrainian. Threatpost advises caution about clicking on any links delivered in social media messages: they are, after all, posted by a ransomware group and should be handled with kid gloves. The same goes for the leaked archive itself: treat it as untrusted input and fetch and unpack it only in an isolated analysis environment.

Conti ransomware group previously put out a message siding with the Russian government.

Today a Conti member has started leaking data with the message "Fuck the Russian government, Glory to Ukraine!"

You can download the leaked Conti data here: https://t.co/BDzHQU5mgw pic.twitter.com/AL7BXnihza

— vx-underground (@vxunderground) February 27, 2022

Cisco Talos' Azim Khodjibaev confirmed on Sunday that the dump does in fact contain conversations among affiliates, administrators and admins, conducted over Jabber instant-messaging accounts.

looks like the #conti leaks of 2022 are in fact chat logs from jabber accounts among affiliates, administrators and admins. Rejoice CTI analysts and data experts, it is in json form! #busymonday pic.twitter.com/DiyqNoymsD

— Azim Khodjibaev (@AShukuhi) February 27, 2022

The conversations date back 13 months, from Jan. 29, 2021 to yesterday, Feb. 27, 2022.

The initial dump consists of 339 JSON files, with each file representing a complete day's log. Cybersecurity firm IntelligenceX has posted the leaked conversations here. Many of the messages are written in a Cyrillic-script language that appears, at least according to Google Translate, to be Russian.
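As an added example (not code from this page, from Threatpost or from any of the analysts quoted), the following Python script shows the kind of first pass a CTI analyst might make over a dump of this shape: one JSON document per day, parsed into a flat message list, with a check for gaps in day coverage (the page reports 339 daily files across a 13-month span, so not every calendar day is present), a per-sender activity count, a tolerant loader that reports rather than dies on a corrupt file, and a Unicode-based test for Cyrillic script. The sample records, and the field names ts, from, to and body, are constructed assumptions; the page does not describe the leaked files' schema.

```python
import json
import unicodedata
from collections import Counter
from datetime import datetime

# Constructed sample standing in for a handful of the per-day JSON files.
# The field names ("ts", "from", "to", "body") are an assumption made for
# this example; the page does not describe the real dump's schema.
SAMPLE_FILES = {
    "2021-01-29.json": json.dumps([
        {"ts": "2021-01-29T10:02:11", "from": "alpha@jabber.example",
         "to": "bravo@jabber.example", "body": "Привет, как дела?"},
        {"ts": "2021-01-29T10:05:40", "from": "bravo@jabber.example",
         "to": "alpha@jabber.example", "body": "Нормально. Отправь отчёт."},
    ]),
    "2021-01-30.json": json.dumps([
        {"ts": "2021-01-30T08:15:00", "from": "charlie@jabber.example",
         "to": "alpha@jabber.example", "body": "check the list before monday"},
    ]),
    # Deliberately malformed file: a loader must survive this, not abort.
    "2021-02-01.json": "{not valid json",
    "2022-02-27.json": json.dumps([
        {"ts": "2022-02-27T21:45:09", "from": "alpha@jabber.example",
         "to": "charlie@jabber.example", "body": "Slava Ukraini!"},
    ]),
}


def is_cyrillic(text, threshold=0.5):
    """True when at least `threshold` of the letters in `text` are Cyrillic.

    This detects script, not language: Ukrainian, Bulgarian and Russian all
    use Cyrillic, so "looks Russian" still needs a human or a language model.
    """
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return False
    cyr = sum(1 for c in letters if "CYRILLIC" in unicodedata.name(c, ""))
    return cyr / len(letters) >= threshold


def load_dump(files):
    """Parse one JSON document per day into a flat list of message dicts.

    Returns (messages, bad_files). Unparseable files are reported rather
    than raised on, so one corrupt day does not stop the whole run.
    """
    messages, bad = [], []
    for name, raw in sorted(files.items()):
        try:
            day = json.loads(raw)
        except json.JSONDecodeError:
            bad.append(name)
            continue
        for m in day:
            rec = dict(m)
            rec["day"] = datetime.fromisoformat(m["ts"]).date()
            rec["cyrillic"] = is_cyrillic(m["body"])
            messages.append(rec)
    return messages, bad


def summarize(messages):
    """Coverage and activity statistics an analyst would want on day one."""
    days = sorted({m["day"] for m in messages})
    span = (days[-1] - days[0]).days + 1 if days else 0
    return {
        "days_with_logs": len(days),
        "first_day": days[0].isoformat() if days else None,
        "last_day": days[-1].isoformat() if days else None,
        "calendar_days": span,
        "missing_days": span - len(days),
        "messages": len(messages),
        "cyrillic_share": (sum(m["cyrillic"] for m in messages) / len(messages)
                           if messages else 0.0),
        "top_senders": Counter(m["from"] for m in messages).most_common(3),
    }


if __name__ == "__main__":
    msgs, bad = load_dump(SAMPLE_FILES)
    for key, value in summarize(msgs).items():
        print(f"{key}: {value}")
    print("unparseable files:", bad)
```

On the constructed sample the coverage check reports three days with logs across a 395-day span, which is exactly the kind of gap count that tells an analyst whether a leaker dropped days or whether the server simply had no traffic; on the real dump the same figure is 339 files against the Jan. 29, 2021 to Feb. 27, 2022 window the page describes.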

The Possibly-Less-Than-100%-Russian Conti

Conti, a Russia-based extortionist gang, is regarded as being as ruthless as it is sophisticated: it was the first professional-grade ransomware group to weaponize the Log4j2 vulnerability (Log4Shell).

On Friday, Conti sided with Russia, pledging “full support” for President Vladimir Putin’s invasion of Ukraine.

"WARNING," Conti blared on its website, threatening to use its "full capacity" to retaliate in the face of "Western warmongers attempting to target critical infrastructure in Russia or any Russian-speaking region of the world."

Conti's website pledge to support Russia's invasion of Ukraine. Source: Conti blog.

Cyberattacks Coming at and From Russia

The split-Conti story is just one of a myriad of cybersecurity headlines coming out of the siege of Ukraine. Some other events in the cyberwar that are rocking the security world:

  • Russia appears to deploy digital defenses after DDoS attacks
  • Anonymous Declares 'Cyberwar' on Russia and Pledges Support for Ukraine
  • Anonymous breached the internal network of Belarusian railways
  • Ukraine: Volunteer IT Army is going to hit tens of Russian targets from this list

Richard Fleeman, vice president of penetration testing ops at cybersecurity advisory services provider Coalfire, told Threatpost on Monday that collective groups such as Anonymous claim to be hacktivists, meaning they do not attack for personal gain, but rather seek to spread their ideology and wage cyberwarfare against those that don't align.

"These types of activities ebb and flow based on geopolitical events or collective goals of these groups," he said. This is not new, but they'll likely escalate "amidst the global chaos to target various countries, government agencies, and companies."

"These groups thrive on sentiment and will likely continue to build momentum based on their goals," Fleeman noted.

The fog of war can also obscure false-flag or disinformation campaigns that target, influence or mislead others, he said. "This can be done in a variety of ways, for example, China compromising Russian technology and targeting other nations through the compromised infrastructure to hide the origins of their attacks, or embedding Russian language or phrases into source code of malware would assist in the hiding [of] the true origin."

He urged that situational awareness be raised and that security teams "be vigilant, remain alert, and leverage their security mechanisms in place to identify threats and mitigate them in a fluid manner."

The Lure of War to Cyber Actors

Casey Ellis, founder and CTO at crowdsourced cybersecurity provider Bugcrowd, told Threatpost on Monday that the cold nature of cyber combat makes it hard to predict who will enter this conflict and how.

"The fact that a lot of unrelated but concerned actors have entered the conflict is unsurprising," he said via email. "Anonymous, for example, is well-known for taking a principled position on topics and then acting or retaliating via the Internet."

His main concern: "the relative difficulty of attribution in cyberattacks, as well as the possibility of incorrect attribution or even an intentional false flag operation escalating the conflict internationally."

Russia will likely avoid provoking the United States "until it's tactically or strategically advantageous for them to do so, which we all hope we can avoid," he noted. Last week, the White House denied considering plans to launch massive cyberattacks against Russia in order to cut off its ability to pursue its military aggression, denials made despite NBC News quoting multiple sources to the contrary.

"Having said that, the backdrop of conflict and the openness of the Internet give higher than normal levels of 'aircover' and background noise for cybercriminals, as well as other nation-states looking to plant a false flag," Ellis said.

John Bambenek, principal threat hunter at digital IT and security operations company Netenrich, told Threatpost via email that it is the wild west out there: conventional actors are using sabotage and DDoS linked to military objectives, he noted, while others "will use the fog of war (quite literally) to take advantage. No one has to commit front line infantry if they want to take advantage any more," he said.

Expect a pig pile, he predicted: "Usually for conflicts in that region, other non-state regional actors will engage, either due to patriotism or opportunism. Now that more nations are building this capability, more are coming to play. And there is no better training ground for nation-state actors than playing in an active warzone."

What does that mean for security teams in the United States and other Western countries? It depends on what the West does, he said. "If we get involved militarily, then the scope of attacks will increase to those nations as well. If it is targeted sanctions, likely attacks will focus on those in the chain of enforcement."

Some parts of this short article are sourced from:
threatpost.com

Copyright © TheCyberSecurity.News, All Rights Reserved.