The invasion has raised some interesting cyber partisan forces indeed as we have heard that Anonymous is targeting Russian infrastructure and may have taken down the Russian Defense Ministry. We are sure there are most campaigns going that have just not made the news yet. These are happening at a time when Russian faces heavy sanctions including being kicked from the SWIFT banking system and having their assets frozen, even in Switzerland.
Now, the malware research group VX-Underground has dropped a dump that claims to be 13 months of chat related to the Conti group. The dump included the message “Glory to Ukraine”. The dump contains a lot of interesting information including the fact that Conti used fake companies to try and get code signing certificates using meetings with security companies. We also see a confirmation that the Trickbot network is indeed closed and exactly what the group thinks about it. These items will be for unpacking later though.
The most interesting thing, to us, is that Conti seems to have chosen sides in the Russian invasion and they have sided with Russia. They have already made blog posts saying they fully support the invasion and will be using their tools and talent in retaliation to any cyber and military attacks. This is a bold statement considering the landscape of the current conflict. Fully supporting the invasion is sure to have put them at odds with other threat groups as well as some of their own customers. They could quickly find themselves the targets of an internal hacker war.
This thought might have crossed their minds as they recently changed the tone of their message. The latest from them states that they are non-aligned and condemn the war. They further state that they will retaliate if “the well being and safety of peaceful citizens will be at stake due to American cyber aggression” This is a much more targeted message, but we have to wonder if it is going to be enough to take them out of the crosshairs of groups that are opposed to the Russian invasion. A war between threat actor groups would be interesting to see if it spilled out into the public. We expect that law enforcement and security research groups would use the chaos and distraction to gain more insight into the groups and find more ways to break up their networks and infrastructure. It is sure to get interesting, and soon.