Security News > 2022 > September > Google: Former Conti cybercrime gang members now targeting Ukraine
Google says some former Conti ransomware gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations.
Google TAG says its attribution is based on multiple overlaps between UAC-0098, Trickbot, and the Conti cybercrime group.
"Based on multiple indicators, TAG assesses some members of UAC-0098 are former members of the Conti cybercrime group repurposing their techniques to target Ukraine," Google TAG added.
"TAG assesses UAC-0098 acted as an initial access broker for various ransomware groups including Quantum and Conti, a Russian cybercrime gang known as FIN12 / WIZARD SPIDER.".
The threat group's activities detected and revealed today by Google also align with previous reports from IBM Security X-Force and CERT-UA, who also linked attacks on Ukrainian organizations and government entities to the TrickBot and Conti cybercrime gangs.
A Ukrainian security researcher leaked over 170,000 internal chat conversations belonging to the gang, together with the source code for the Conti ransomware encryptor, after Conti sided with Russia following its invasion of Ukraine.