Russia's cybercrime groups have acted with relative impunity for years. The Kremlin and local law enforcement have largely turned a blind eye to disruptive ransomware attacks as long as they didn't target Russian companies. The groups are still tied to Russia's interests, despite pressure on the authorities to tackle them. A recent leak from one of the most notorious groups provides a glimpse into the nature of those ties.
A cache of 60,000 leaked chat messages and files shows how the criminal gang is well connected within Russia. The documents, which were reviewed by WIRED and were first published online at the end of February by an anonymous Ukrainian cybersecurity researcher who was in the group, show how Conti operates on a daily basis. They are likely to show how Conti members have connections to the Federal Security Service and the operations of Russia's government-backed military hackers.
The leaders of Conti talked about the work of Cozy Bear. The details were first reported by WIRED in February, but are also included in the wider Conti leaks. They had someone who paid the group and discussed taking over targets from the source.
The director of cybercrime analysis at the security firm Mandiant says that they reference the setting up of some long-term project and throw out the idea that the external party would help in the future.
The gang's activities continue to fall in line with national interests, despite the fact that there is no evidence of direct ties to the Russian government.