Mysterious leaker outs Conti ransomware kingpins | The Register

Exclusive: A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.

The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs, believed to have raked in billions from companies, hospitals, and individuals worldwide.

It's part of his "fight against an organized society of criminals known worldwide," GangExposed told The Register via Signal chat. He claims that he's not interested in the $10 million bounty that the Feds have put up for information about one key Conti leader that he's already named, as well as a second that he says will soon be identified on Telegram.

"I take pleasure in thinking I can rid society of at least some of them," GangExposed said. "I simply enjoy solving the most complex cases."

After creating his latest Telegram channel on May 5 (GangExposed says two earlier accounts were shut down days ago), he published his first revelation and outed Stern, the leader of Trickbot and Conti, as a 36-year-old Russian named Vitaly Nikolaevich Kovalev. Stern's identity was later confirmed by German police.

A couple of days later, GangExposed claimed to identify another key Conti crim who goes by Professor as Vladimir Viktorovich Kvitko, a 39-year-old Russian national who reportedly relocated from Moscow to Dubai. According to chat logs and other communications leaked by GangExposed, Kvitko and other Conti leaders moved to Dubai in 2020 and set up shop in the United Arab Emirates to continue their cyberattacks against Western organizations.

"Kvitko maintains a modest lifestyle, with known property in Moscow and several vehicles registered to family members," GangExposed posted. "Income mostly originates from RM RAIL Management Company and Rosselkhozbank. In contrast, other Conti leaders (e.g., Target) display significant luxury assets, including a Moscow City apartment, Ferrari, and 2 (multiple) Maybach vehicles."

He also published a video of what GangExposed says is six Conti ransomware members on a private jet celebrating the birthday of another key leader, Target.

The US government has offered up to $10 million for information leading to the identification or location of five key Conti operators, including Professor and Target. GangExposed says he's going to identify Target next.

"Essentially, I burned $10 million when I published Professor," he told The Register. "And I'm about to burn another $10 million when I publish Target."

And on Thursday, he posted a whopping 15 photos of alleged Conti members, along with a more detailed write-up of Conti's lead sysadmin, Defender, aka Andrey Yuryevich Zhuykov, and Mango, aka Mikhail Mikhailovich Tsaryov, a senior manager within the group.

"This is no longer just a leak; it's a high-stakes intelligence war," FalconFeeds threat intel analysts posted on social media.

GangExposed calls himself an "independent anonymous investigator" without any formal IT background, and said he hasn't had a "real name" in years.

"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," he said. "I am a cosmopolitan with many homes but no permanent base. I move between countries as needed. My privacy standards are often stricter than those of most subjects of my investigations."

GangExposed says he obtained all of the data he leaked via "semi-closed databases, darknet services (for probing state records through corrupt officials), and I often purchase information. I have access to the leaked FSB border control database," which he says was being sold on the darkweb for $250,000.

He hopes his investigation can achieve three objectives. First, he wants to publicly identify all of the gang's key criminal participants (GangExposed puts this number at around 50), see them sanctioned, and also named on Interpol's wanted persons list.

Second, GangExposed says he wants to "disrupt their current enrichment schemes" by exposing the organizers of the Blockchain Life forum, which serves as "a breeding ground for fraudulent pyramid schemes."

Blockchain Life, according to the internal chat logs, was a scheme organized by Khitrov and Kovalev (aka Stern) that aimed to legitimize Trickbot's and Conti's illegally obtained cryptocurrency earnings.

Finally, GangExposed says he wants to deprive them of a safe haven in the UAE. "The respected authorities of the UAE strictly uphold their laws, and while they lack extradition agreements for cybercriminals, I've managed to investigate and prove that Conti used the UAE specifically for carrying out attacks. In other words, they physically committed a series of crimes while being present there."

Some security researchers think he could, in fact, be a disgruntled former ransomware criminal looking to burn his bosses, or simply resurface the 2022 Conti leaks.

"The data we've reviewed provides strong indicators that the source behind the leak is either an ex-member or a disgruntled insider from within the group, given the level of access, context, and internal coordination reflected in the communications," Technisanct founder and CEO Nandakishore Harikumar told The Register. Technisanct owns FalconFeeds.

Harikumar's threat-intel group has analyzed all of GangExposed's leaks and shared a 34-page analysis with The Register about the massive data dump. He recommends that law enforcement pursue investigative leads from the newly disclosed personally identifiable information about key Conti leaders detailed in the leaks.

Update: A previous version of the subheadline in this story misattributed the quote from an analyst.