[ad_1]
Source who exposed Conti and TrickBot members claims to just be a good citizen
A dump of internal communications, personal media and damning evidence to Telegram has exposed the leadership of the Conti and Trickbot ransomware gangs.
The massive data dump, which began surfacing on Telegram on 5th May, includes thousands of internal chat logs, negotiation records, personal videos and even photographs of gang members celebrating aboard private jets.
In an encrypted chat with The Register, the anonymous leaker known as GangExposed described himself as an “independent anonymous investigator” who operates without a formal IT background, although security analysts believe he is not telling the whole truth.
GangExposed said he hasn’t “had a ‘real’ name in years.” Instead, he employs a blend of OSINT techniques, stylometry, linguistic analysis and classic intelligence methods to track the digital footprints of criminal syndicates.
He also claims to have access to high-value darknet databases, including the leaked Russian FSB border control system, which reportedly sold for $250,000.
GangExposed says he has used these tactics to piece together the identities of Conti’s elusive leadership – not for monetary gain, but out of a desire to rid society of criminals.
“I take pleasure in thinking I can rid society of at least some of them,” he said. “I simply enjoy solving the most complex cases.”
Despite the $10 million bounty offered by the US State Department for tips leading to key Conti figures, GangExposed claims he deliberately passed up the reward.
“Essentially I burned $10 million when I published Professor,” he said, referencing the leak of Vladimir Viktorovich Kvitko, a 39-year-old Russian national alleged to be a core leader of Conti.
The whistleblower’s first major revelation was the unmasking of Stern, believed to be the top figure of both Trickbot and Conti, as Vitaly Nikolaevich Kovalev, a 36-year-old Russian citizen. German law enforcement has since confirmed Kovalev’s identity.
Shortly after, he identified Vladimir Viktorovich Kvitko, who allegedly moved to Dubai in 2020 along with other Conti leaders to continue operating ransomware campaigns from within the UAE.
Leaked documents suggest that Kvitko lives a relatively modest lifestyle, though his income appears linked to RM RAIL Management Company and Rosselkhozbank, a state-owned Russian bank.
By contrast other Conti leaders, such as a figure named Target, are said to own luxury assets including a Ferrari, multiple Maybach cars and a high-end apartment in Moscow City.
In a video posted by GangExposed, six alleged Conti members are seen celebrating on a private jet, reportedly during Target’s birthday.
While Target’s full identity has not yet been released, GangExposed says he is next on the list.
Adding to the revelations, the leaker also named Andrey Yuryevich Zhuykov, aka Defender, Conti’s lead system administrator, and Mikhail Mikhailovich Tsaryov, known as Mango, a senior manager within the gang.
A new batch of 15 photos and a detailed profile on these members were posted last week.
“The respected authorities of the UAE strictly uphold their laws,” he wrote. “While they lack extradition agreements for cybercriminals, I’ve managed to prove that Conti used the UAE specifically for carrying out attacks.”
While GangExposed insists he is an outsider, some security analysts suggest otherwise.
“The data we’ve reviewed provides strong indicators that the source behind the leak is either an ex-member or a disgruntled insider from within the group,” said Nandakishore Harikumar, CEO of cybersecurity firm Technisanct, which owns FalconFeeds.
The firm analysed the leaked material and believes it presents viable leads for international law enforcement.
Harikumar said the leaks contain personally identifiable information of gang members, which could be crucial for arrests and sanctions.
[ad_2]
Source link
