ZDNet reports that although the Conti ransomware group has been a prolific force in cyber espionage, carrying out significant network attacks and demanding millions of dollars in ransom payments, the gang has been run like a typical company, with its own testers, coders, system administrators, and HR staff.
Internal chat logs, leaked after Conti voiced support for Russia during its invasion of Ukraine, also revealed that some of the gang's members were not initially aware they were taking part in illegal operations, according to a Check Point report.
Researchers said that while the leak has dealt a major blow to Conti's operations, its employees will likely stay on, because sanctions imposed against Russia have sharply narrowed their legitimate job prospects.
"The availability of potential positions in the legitimate tech sector in Russia for developers and pen testers has become much lower, so I think even the unwitting employees that now understand what they are doing will move to cybercrime, as it will be difficult for them to find a legit job," said Check Point Software Threat Intelligence Group Manager Sergey Shykevich.
Operations at California's Solano Partner Libraries and St. Helena, or SPLASH, remain disrupted weeks after the county's library network was hit by a ransomware attack earlier this month, StateScoop reports.
Threat actors could gain several rootkit-like capabilities, including hiding files and processes and undermining prefetch file analysis, by exploiting vulnerabilities in Windows' DOS-to-NT path conversion process, reports The Hacker News.
Open-source DevOps software project GitLab is also affected by the same security issue in GitHub comments, according to BleepingComputer. Threat actors have exploited that issue to distribute malware via URLs tied to Microsoft repositories, making the files appear to come from credible organizations' official source code repositories.