Leaked ransomware documents show Conti helping Putin from the shadows

Russia's cybercrime groups have acted with relative impunity for years. The Kremlin and local law enforcement have largely turned a blind eye to disruptive ransomware attacks as long as they didn't target Russian companies. The groups are still tied to Russia's interests, despite pressure on the authorities to tackle them. A recent leak from one of the most notorious groups provides a glimpse into the nature of those ties.

A cache of 60,000 leaked chat messages and files shows how the criminal gang is well connected within Russia. The documents, which were reviewed by WIRED and were first published online at the end of February by an anonymous Ukrainian cybersecurity researcher who was in the group, show how Conti operates on a daily basis. They are likely to show how Conti members have connections to the Federal Security Service and the operations of Russia's government-backed military hackers.

As the world was struggling to come to grips with the COVID-19 pandemic’s outbreak and early waves in July 2020, cybercriminals around the world turned their attention to the health crisis. On July 16 of that year, the governments of the UK, US, and Canada publicly called out Russia’s state-backed military hackers for trying to steal intellectual property related to the earliest vaccine candidates. The hacking group Cozy Bear, also known as Advanced Persistent Threat 29 (APT29), was attacking pharma businesses and universities using altered malware and known vulnerabilities, the three governments said.

The leaders of Conti talked about the work of Cozy Bear. The details were first reported by WIRED in February, but are also included in the wider Conti leaks. They had someone who paid the group and discussed taking over targets from the source.

The director of cybercrime analysis at the security firm Mandiant says that they reference the setting up of some long-term project and throw out the idea that the external party would help in the future.

The gang's activities continue to fall in line with national interests, despite the fact that there is no evidence of direct ties to the Russian government.