In Feb 2022, leaked chat logs of the threat group’s members showed how professionally organized and managed these hackers are.
The infamous ransomware-as-a-service group Conti is said to be based in Russia and tied to Russian intelligence agencies.
Conti has been blamed for ransomware attacks targeting dozens of businesses, including clothing giant Fat Face and Shutterfly, as well as critical infrastructure such as the Irish healthcare service and other first-responders networks.
Now, after chat logs belonging to the threat group were leaked by an insider on 27 February this year, cyber researchers from Check Point Research (CPR) have gained more insights into the group’s organizational structure.
They operate like a tech firm
Imagine a threat group that is so well-organized that it has an HR department; a hiring process; offline office premises; salaries and bonus payments. Also the threat group:
- has a hierarchical and defined structure comprising team leaders who report to upper management
- employs specialized groups of HR, coders, testers, crypters, sysadmins, reverse engineers, offensive team, OSINT Specialists and Negotiation Staff
- operates in several physical offices in Russia
- offers compensation schemes such as monthly bonuses, fines (for underperformance), employee of the month, performance reviews
- employs a salary scheme as well as a commissions payment system based on a percentage of paid ransom amounts in Bitcoin.
- Illegally ‘borrows’ the CV pool of Russian-speaking headhunting services such as headhunter.ru and other sites such as superjobs.ru for talent hunting, but does not leave traces of developer job openings on such websites
- keeps workers anonymous and goes to such lengths to protect member identities
- is actively discussing future plans for an internal crypto exchange and a Dark Net social network
The social network was (tentatively) dubbed “VK for darknet” or “Carbon Black for hackers”, and may be developed as a commercial project. In July 2021, Conti was already in contact with a designer, who had produced a few mockups, according to the leaked chats.