
Phishing Takeaways from the Conti Ransomware Leaks – Part 3

May 16, 2022

Conti is one of the most prolific ransomware operations in the threat landscape today. In a recent act of retaliation against Conti’s leaders for their support of Russia, an anonymous person leaked documentation and internal chat logs from the group. This blog post series covers important phishing-related takeaways Cofense Intelligence analysts discovered in the leaks. In Part 3, we discuss elements of Conti’s phishing tactics and strategy.

Although the Conti group employs other malware operators to perform the work of sending malicious emails, it appears that the group provides the templates to use in the emails. Several English-language templates were included in the leaked Jabber chats, indicating a system that randomly chooses words or phrases from short lists. The templates included text that could produce a variety of wordings for email subject lines and bodies, along with a list of attachment names to choose from. Conti member “Lemur” contributed the following order-themed template in October: