Deciphering the Leaked Conti Ransomware Playbook

Researchers recently obtained a leaked playbook linked to Conti, the Ransomware-as-a-Service (RaaS) group. The documents reveal a wealth of information about the threat actors and also include the Cobalt Strike manual that was referenced while the playbook was being written.

Revelations from the leaked playbook

The sensitive playbook documents are believed to have been leaked by a disgruntled partner of Conti.

  • Researchers noted that the level of detail in the documentation could enable even a low-skilled cybercriminal to carry out attacks.
  • The attackers use the Net command to list users, and tools such as AdFind to identify users with Active Directory access, alongside OSINT and LinkedIn to spot users with privileged access.
  • One of the main tools covered in the playbook is the threat emulation software Cobalt Strike. Other tools in use include Armitage, SharpView, SharpChrome, and SeatBelt, among others.
  • The attackers also included details about exploiting the CVE-2020-1472 (Zerologon) vulnerability using Cobalt Strike.
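
As an added example (not from the article or from the leaked playbook), the following Python sketch shows how a defender might flag the user- and group-enumeration behaviour described above in process-creation telemetry. The Sysmon-style field names, the rule set and the sample events are all constructed for this illustration.

```python
import re

# Constructed sample process-creation events (hypothetical Sysmon-style fields);
# not taken from the leaked playbook or from any real host.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\alice", "cmdline": "net user /domain"},
    {"host": "ws01", "user": "CORP\\alice", "cmdline": 'net group "Domain Admins" /domain'},
    {"host": "ws02", "user": "CORP\\bob", "cmdline": "adfind.exe -f objectcategory=person"},
    {"host": "ws03", "user": "CORP\\carol", "cmdline": "notepad.exe report.txt"},
]

# Each rule: name, regex over the lower-cased command line, severity.
# Domain queries via net.exe are common on admin workstations, so they are
# rated lower than AdFind, which rarely has a benign reason to run on a client.
RULES = [
    ("net_domain_user_enum", re.compile(r"\bnet1?(?:\.exe)?\s+user\b.*/domain"), "medium"),
    ("net_domain_group_enum", re.compile(r"\bnet1?(?:\.exe)?\s+group\b.*/domain"), "medium"),
    ("adfind_ad_enum", re.compile(r"\badfind(?:\.exe)?\b"), "high"),
]


def classify(event):
    """Return (rule name, severity) for every rule the command line matches."""
    cmd = event["cmdline"].lower()
    return [(name, sev) for name, rx, sev in RULES if rx.search(cmd)]


def detect(events):
    """Turn raw events into alert records, one per matching rule."""
    alerts = []
    for ev in events:
        for name, sev in classify(ev):
            alerts.append({"host": ev["host"], "user": ev["user"], "rule": name,
                           "severity": sev, "cmdline": ev["cmdline"]})
    return alerts


def hosts_with_repeated_enum(alerts, threshold=2):
    """Hosts on which enumeration rules fired at least `threshold` times: a run
    of successive domain queries is a stronger signal than any single one."""
    counts = {}
    for a in alerts:
        counts[a["host"]] = counts.get(a["host"], 0) + 1
    return sorted(h for h, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print("hosts with repeated enumeration:", hosts_with_repeated_enum(found))
```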

This playbook is believed to have been reviewed and edited to make it easy to read for Russian-speaking users. Several open-source materials were consulted while compiling the document.

Who’s the leaker?

The alleged leaker goes by the moniker m1Geelka and is thought to be a low-level partner of Conti.

  • According to initial posts on the leaker’s Telegram account, their team was not paid for its services, and the playbook leak was an act of vengeance.
  • Later, however, the partner stated that the documents were leaked to help others better understand Conti, not for revenge.
  • The leaked material consists only of components that could already be identified by anti-virus software; no private code was leaked.

Conclusion

The Conti playbook could be a crucial contribution to the security community, as it offers a glimpse into the behaviours of these groups and the tools they tend to leverage while performing attacks. For researchers and security analysts, it is an opportunity to put the right detection logic in place to identify and mitigate such threats.

Source: https://cyware.com/news/deciphering-the-leaked-conti-ransomware-playbook-0affd74f
