Researcher leaks cyber gang's latest source code

It's not the first retaliatory action taken against the group

By Lyle Adriano

As the Russo-Ukrainian war rages on, the cyberwar in the conflict’s background has entered a new stage: the source code of the Russia-affiliated malware group Conti has been leaked.

A Ukrainian security researcher who goes by the handle “Conti Leaks” is said to be responsible for leaking the malware’s code. The researcher chose to leak the data out of revenge, particularly after Conti publicly announced that it would side with Russia and launch retaliatory cyberattacks against those who would attempt to hack Moscow.

On March 20, Conti Leaks uploaded Conti’s version 3 source code to antivirus software and information aggregator VirusTotal and posted a link on Twitter. Version 3 was last modified on January 25, 2021, which makes it at least one year newer than the last version.

To check the veracity of the source code, BleepingComputer compiled the source code and found no issues, managing to recreate the ransomware as executables.

This is not Conti Leaks’ first retaliatory action against Conti; last month, the researcher shared with the public nearly 170,000 internal chat conversations between Conti gang members from January 21, 2021, to February 27, 2022. Shortly after, Conti Leaks also uncovered and shared old Conti ransomware source code dated September 15, 2020.

Although uploading Conti’s source code to VirusTotal would allow more antivirus software and cybersecurity researchers to recognize the ransomware, BleepingComputer has warned that the leak could have “disastrous effects” on corporate networks and computers, since other threat actors could use the leaked code to create their own malware. The IT news portal pointed to other malware, namely Hidden Tear and Babuk, whose leaked source code led to dangerous ransomware offshoots such as Rook and Pandora.

“With the continued leaks of the Conti ransomware gang's source code, it is only a matter of time until other threat actors use it to launch their own operations,” BleepingComputer warned.
