Network Battalion 65 hacker group (linked to Anonymous) used leaked Conti ransomware source code to create their own ransomware virus and carry out cyberattacks against Russia
Not so long ago, the NB65 group publicly boasted of leaking the source code of Kaspersky products and leaking 786 GB of VGTRK data, but in reality, all these loud statements turned out to be nothing more than a fiction, an inflated PR move for the Western press. In both cases, the leaks were a collection of junk information and files of no value.
Realizing his own hacking skills, NB65 didn’t think of anything else how to steal the code from the leak of a Ukrainian who merged the source code of the Conti encryptor and make his own locker (according to various sources, this is a certain information security expert who had access to the infrastructure of hackers or Ukrainian member of the hack group itself).
According to Intezer, the NB65 ransomware is 66.4% Conti code and was first uploaded to Virus Total on 2022-04-07. The ransomware virus uses the .nb65 extension.
As you might guess, the motive for their cyberattacks NB65 is a special operation of the Russian Armed Forces in Ukraine:
“We will not attack countries other than Russia. After Bucha, we decided to target certain companies that are owned by civilians, this will have an impact on Russia’s ability to function normally … Groups such as Conti and Sandworm, along with other Russian APTs, have been hitting the West with ransomware, attacks on supply chains for years (Solarwinds or defense contractors)”
Some activists with the manners of cybercrime, under the guise of rabid Western propaganda, decided, without waiting for any international investigations, to lynch and encrypt Russian companies. NB65 has been actively involved in cybercrime for more than a month … Western intelligence agencies are silent and close their eyes. But what about the fight against cybercrime?
Poor hackers may not know that the UK blocked the UN investigation into the incident in Bucha (why is it afraid of an international investigation?) and the same China, represented by Chinese Foreign Ministry representative Zhao Lijian, wisely urged all parties to exercise restraint, avoid unfounded accusations until the investigation of the incident is completed in Bucha.
Anonymous, due to its limitations, is not ready to collect data, analyze facts and draw conclusions.
Based on the statements of NB65, their attacks are aimed at ordinary people, citizens, companies in Russia. The goal of barbaric cyber attacks is to divide people in Russia, create panic and incite discontent in society.
230,000 emails from the Ministry of Culture of the Russian Federation / Министерство культуры Российской Федерации, which is responsible for state policy regarding art, cinematography, archives, copyright, cultural heritage, and censorship.
The story with Conti received an ironic continuation. Hackers from NB65 use leaked group sources to attack Russian companies.
Tenzor, Roskosmos and VGTRK were attacked by NB65 last month. Nearly 800GB of data was stolen from the latter, including almost a million letters. And now a modified ransomware from Conti has come into play. From the fresh tweet of the group, the advice of the SSK GAZREGION company to check their cars.
NB65 openly states that their attacks are in response to events taking place know where and are limited to Russian companies. In the light of the cipher used, the ransomvar-Stirlitz plums from Conti can be considered to have achieved their goal.