Security News > 2022 > September > Google says former Conti ransomware members now attack Ukraine
Google says some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations.
Google TAG says its attribution is based on multiple overlaps between UAC-0098, Trickbot, and the Conti cybercrime group.
"Based on multiple indicators, TAG assesses some members of UAC-0098 are former members of the Conti cybercrime group repurposing their techniques to target Ukraine," Google TAG added.
The Russian-based Conti gang launched a ransomware operation in 2020, taking the place of the Ryuk ransomware group.
A Ukrainian security researcher leaked over 170,000 internal chat conversations belonging to the gang, together with the source code for the Conti ransomware encryptor, after Conti sided with Russia following its invasion of Ukraine.
Some ransomware gangs infiltrated by Conti members include BlackCat, Hive, AvosLocker, Hello Kitty, and the recently revived Quantum operation.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)