
The mysterious Russian hacker behind the Conti network. The organization had physical offices and paid performance bonuses

An extensive international cyber police operation has identified the leader of the Conti network, the group behind the most destructive ransomware programs of recent years. He is the Russian hacker Vitali Nikolaevici Kovalev, 36, creator of, among other things, the malicious Trickbot software, which is estimated to have affected about 4% of companies worldwide, El Pais reports.

Cyber criminals. Photo: Shutterstock


The Conti network had 100 members and was profit-oriented, working on a project basis, according to Germany's Federal Criminal Police Office (BKA).

However, few of them could identify him; they did not even know his name, only his two pseudonyms, "Stern" and "Ben".

The cybercriminal group made hundreds of millions of dollars from malicious programs that infected hundreds of thousands of systems in Germany and around the world, including those of public agencies, companies and individuals, the BKA revealed. In 2020, at the height of the pandemic, the hackers attacked several US hospitals and demanded ransoms of $10 million.

The Russian hacker is believed to live in Moscow. Photo via El Pais


An investigation by the cybersecurity analysis company Check Point Research revealed more details about how the network operated, after it obtained internal documents from an insider. Conti was organized like a technology company, with team leaders, departments and even a human resources office responsible for recruiting. Employees were paid in Bitcoin, employee-of-the-month bonuses were handed out, and the group even had physical offices.

Recruiting took place on the dark web, but some candidates were contacted on the basis of CVs stolen from infected computers. Conti hired programmers, IT engineers, cryptographers, system administrators, information specialists and negotiators.

"Some employees did not even realise that they were working for a cyber organization. Not all employees knew they were taking part in criminal activities," according to Check Point.

For example, in an interview held online, a manager told a prospective candidate that "everything is anonymous here; the company's main line of business is software for testing security systems with controlled attacks."

At the end of a multi-year investigation, Operation Endgame, in which several European countries took part alongside the US and Canada, identified the leader, Kovalev, and 35 accomplices, the brains behind the Qakbot and Danabot programs, two of the largest cyber threats.

Programs that revolutionized ransomware

"Qakbot, in particular, is one of the oldest and most sophisticated banking Trojans, active since 2007, and it has been expanded over time to include functions such as credential theft, data theft and the distribution of ransomware," explains Mar Rivero, head of the security department at Kaspersky.

Hackers in the criminal network used Qakbot as a way to deliver extremely destructive ransomware such as Conti or REvil. "One of its biggest milestones was its participation in the infection chains that affected government agencies and financial institutions in the US and Europe, causing millions of dollars in losses and paralyzing critical operations," the expert explains.

Qakbot, around for 15 years, was dismantled in 2023 following an international operation led by the US. But a new version of the Trojan appeared almost immediately. This type of malware is disguised as legitimate software in order to gain access to target systems. The victim receives an email that appears to come from their bank and contains a download link. Once the software is installed, it begins to carry out operations without the user's knowledge.

Danabot, the other program, is more recent. Active since 2018, it is marketed as malware as a service (MaaS), which "allows many criminals, even those without advanced knowledge, to enter the world of cybercrime, because it offers them everything they need in exchange for a very reasonable sum," explains Josep Albors, research director at ESET Spain.

For example, Danabot was successfully used in a distributed denial of service (DDoS) attack against the Ministry of Defense shortly after the Russian invasion. "It has been used both for financial fraud and for launching attacks in support of Russian interests. It is a good example of how criminal infrastructure can be used for both economic and geopolitical gain," says Adam Meyers, head of threat operations at CrowdStrike.

Given their impact and ease of use, "it can be said that Qakbot and Danabot have significantly transformed the cyber threat landscape," says Jaimie Williams, a principal threat intelligence researcher at Palo Alto Networks. "They have allowed malicious activity to expand to levels that individual actors could never have reached before."

A snake with many heads

Following Operation Endgame, the hacker network was dismantled, resulting in the takedown of 300 servers and 650 domains (unique web addresses) and the seizure of over 3 million euros (3.5 million dollars) in cryptocurrency.

"Both Danabot and Qakbot were malware as a service, which means that disrupting their infrastructure affects not only their own criminal activities but also all those who used these tools. They have now lost access to the computers they had already compromised and were controlling with these programs," explains Geri,

Of the 36 people identified by Operation Endgame, 20 are the subject of international arrest warrants, while the remaining 16 have been officially charged by the US Justice Department. However, since the vast majority live in Russia, there is little chance of their being arrested.

"These gangs tend to operate in countries that have no extradition agreements and do not cooperate with Europol, Interpol or the FBI. Until they make a mistake, it is very difficult to catch them," explains Rafael López, security engineer at Check Point Software.

"Many ransomware gangs tend to reappear after a while. They often change their names in order to keep operating," notes Javier Vicente, a threat researcher at Zscaler.

The US and other countries have been pursuing Kovalev and his associates for several years, but he remains an anonymous millionaire in Moscow who runs a cybercrime empire.

Ashley Davis
