DDoS Targets Ransomware Operator's Cobalt Servers
Industry: N/A | Level: Strategic | Source: BleepingComputer
Advanced Intelligence (AdvIntel) CEO Vitali Kremez has discovered an anonymous user targeting Conti Cobalt Strike servers while also delivering anti-Russian messages. Although much of Conti's infrastructure was shut down in May 2022, its Cobalt Strike infrastructure remains in use by former Conti members. As reported by BleepingComputer, the threat actor's Cobalt Strike servers are being flooded with HTTP messages under the username "Stop Putin!" The DDoSer has been targeting at least four ex-Conti Cobalt Strike servers, flooding them every two seconds. Offensive campaigns against threat groups have recently gained traction, as the LockBit ransomware group was targeted by a DDoS attack on August 19th, 2022, when the group attempted to leak data from Entrust. The operators behind the attack against Conti's Cobalt Strike infrastructure are currently unknown.