Security News > 2022 > September > Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity.
The operators of Conti ransomware completed turning off their internal infrastructure in May this year but its members have dispersed to other ransomware gangs.
These former Conti members continue to use in new attacks the same Cobalt Strike toolkit as they did in their original operation.
Someone is now tracking the TeamServers used by ransomware actors to control the Cobalt Strike Beacon payloads on compromised hosts, which allow lateral movement on the network.
Vitali Kremez, the CEO of cyber intelligence company Advanced Intelligence, told BleepingComputer that whoever is running these attacks initially targeted at least four Cobalt Strike servers allegedly controlled by ex-Conti members.
Kremez says whoever is behind this activity is constantly targeting Cobalt Strike servers believed to be operated by previous Conti ransomware members, resuming the flood whenever a new server is discovered.