In light of the US and UK decision to sanction 7 members of #Trickbot due to their parts in crafting and delivering #ransomware, I want to share a conversation between Bentley and Strix from the #ContiLeaks that happened a year ago this month.
New to #threatintel at the time (I still am!), it was a bit revelatory to see how methodical and thorough threat actors are about their work.
Sanction Information:
https://home.treasury.gov/news/press-releases/jy1256
https://www.gov.uk/government/news/uk-cracks-down-on-ransomware-actors
RT @fr0gger_@twitter.com
Finally released my slides from @BSidesMelbourne@twitter.com and @HCKSYD@twitter.com on using @msticpy@twitter.com and #python to explore and analyze the #ContiLeaks Jabber logs! Check them out for a practical approach to extracting relevant information! #cybersecurity #threatintel 🤓
https://speakerdeck.com/fr0gger/conti-leaks-practical-walkthrough-and-what-can-we-learn-from-it
Interesting post by @BushidoToken: "The Continuity of #Conti:" https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
This year's proliferation of groups after #ContiLeaks reminds me of "The Trouble with Tribbles," except these are not fluffy and cute.
But trying to compare the infographic in this post to a mindmap Vitali Kremez had posted in August (https://twitter.com/VK_Intel/status/1557003350541242369) really hammers home how quickly some things have changed or evolved.
So far, probably the most interesting talk is the one on #ContiLeaks. Haven't heard of it? Conti is currently probably the largest group of cybercriminals, who have already made over 1.5 billion dollars from extortion malware (ransomware). Most are from Russia, wanted by the FBI, and according to the data leak linked to the Russian FSB. 1/2
Conti Ransomware Group Diaries, Part I: Evasion https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/ #Ne'er-Do-WellNews #Contiransomware #REvilransomware #TheComingStorm #HoldSecurity #Contibreach #Ransomware #alexholden #Contileaks #AllaWitte #Emercoin #trickbot #EmerDNS #Ukraine #Conti #Stern #Hof