Report
severity: High
2022-02-27
Conti Leaks expose 393 days of internal Jabber chat + v2 source
published by ContiLeaks (open-source, mirrored by vx-underground)
Actor
Russian-speaking ransomware operation that ran the dominant double-extortion brand of 2020-2022. After the group publicly declared support for the Russian invasion of Ukraine in February 2022, an ins…
Summary
Days after the Conti operation publicly declared support for the Russian invasion of Ukraine, a pro-Ukraine insider (the 'ContiLeaks' account) published 393 days of the group's internal Jabber chat archive, an org chart, salary records, internal training materials, and source code for the Conti v2 builder. The leak directly mapped operator handles to real-world identities and provided the foundation for subsequent indictments and the Black Basta / Royal / BlackSuit successor-operation lineage.
Tags
leak, insider-threat, open-source-intelligence