Security News
Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated ransomware group from January 2021 to February 2022, in a move that's expected to offer unprecedented insight into the gang's workings.
Ukrainian news agency Ukrainska Pravda has claimed the nation's Centre for Defence Strategies think tank has obtained the online personal details of 120,000 Russian servicemen fighting in Ukraine. The Ukrainian news agency said the think tank obtained the personnel records from "Reliable sources." Whether or not the database is real, the impact on Russian military morale - knowing that your country's enemies have your personal details and can contact your family if you're captured, killed, or even still alive - won't be insignificant.
The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang's administrative panels, among other core secrets. On Monday, vx-underground - an internet collection of malware source code, samples and papers that's generally considered to be a benign entity - shared on Twitter a message from a Conti member saying that "This is a friendly heads-up that the Conti gang has just lost all their sht."
Infamous ransomware group Conti is now the target of cyberattacks in the wake of its announcement late last week that it fully supports Russia's ongoing invasion of neighboring Ukraine, with the latest hit being the leaking of its source code for the public to see. The researcher leaked 393 JSON files containing more than 60,000 internal messages that reported were taken from the Conti and Ryuk ransomware gang's private XMPP chat server.
A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more.On Monday, the researcher kept leaking more damaging Conti data, including an additional 148 JSON files containing 107,000 internal messages since June 2020, which is around when the Conti ransomware operation was first launched.
An angry member of the Conti ransomware operation has leaked over 60,000 private messages after the gang sided with Russia over the invasion of Ukraine. AdvIntel CEO Vitali Kremez, who has been tracking the Conti/TrickBot operation over the last couple of years, also confirmed to BleepingComputer that the leaked messages are valid and were taken from a log server for the Jabber communication system used by the ransomware gang.
American football team the San Francisco 49ers have been hit by ransomware, with the criminals responsible claiming to have stolen corporate data and threatened to publish it. Calling itself Blackbyte, the ransomware gang responsible published samples of stolen documents on a dark web blog over the weekend, as seen by The Register.
The BotenaGo botnet source code has been leaked to GitHub. Uploading of the source code to GitHub "Can potentially lead to a significant rise of new malware variants as malware authors will be able to use the source code and adapt it to their objectives," Alien Labs security researcher Ofer Caspi wrote.
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices. The Rook ransomware payload is usually delivered via Cobalt Strike, with phishing emails and shady torrent downloads being reported as the initial infection vector.
British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard. When pressing the F12 key in a web browser, the application will open the developer tools console, which allows you to view a website's source code, monitor network requests, and view error messages produced by the website.