Unidentified hacktivists are attacking Cobalt Strike servers run by former members of the Conti cybercrime group. The attackers leave anti-Russian messages and try to interfere with their opponents' operations.
In June, we wrote that the operators of the Conti ransomware had turned off the remnants of their public infrastructure. The group then took two servers in the Tor network offline. The compromised data vault had been shut down a month earlier.
Despite this, cybercriminals continued to use the Cobalt Strike infrastructure to carry out new ransomware attacks.
Now, unknown hacktivists are monitoring the C&C servers of ex-Conti members and attempting to control the payloads on compromised hosts, which allow lateral movement across the network.
While flooding their opponents' servers, the attackers use interesting computer names: "Stop Putin!" and "Stop the war!". Vitali Kremez posted a screenshot of what it looks like.
According to the researcher, such messages flood the servers in a huge stream, every two seconds. It is still difficult to say who exactly