The option to work in the office or remotely, an HR team with strict rules for selecting candidates, performance reviews, career growth and bonuses – all this sounds like the standard conditions IT companies offer their employees. In this case, however, we are not talking about a software company but about the high-profile cyber-extortion group Conti.
Last month, Conti, which, according to many information security experts, is based in Russia, expressed its support for the Russian government. This provoked the wrath of a Ukrainian hacker, who in retaliation posted recordings of the group’s internal chats, shedding light on how it functions.
As it turned out, Conti’s structure is no different from an ordinary IT company with developers, testers, system administrators, HR specialists and other employees.
Researchers at the information security company Check Point managed to identify a number of roles in Conti: a personnel department responsible for hiring new employees, programmers, testers, cryptographers whose duties include code obfuscation, and sysadmins who build the infrastructure for attacks. In addition, the group has an offensive team whose task is to turn an initial breach into a full-fledged takeover of the entire attacked network, and negotiators who discuss the ransom with victims.
Many employees joined Conti through advertisements on hacker forums, but some were hired in a more traditional way – through recruiting services, job sites, etc. As in any company, applicants are interviewed.
Interestingly, some employees hired by Conti do not know that their work is illegal, at least initially. Some are informed during the interview that they will develop tools for penetration testing.
Judging by the leaked chats, one of the employees, who gave his real name, asked the manager what kind of software they were developing and why the staff was so concerned about their anonymity. The manager replied that the employee’s task was to develop a backend for analytical software. There were several dozen such unsuspecting developers in the group.
Some of them later discovered that they were involved in cybercrime activities. In such cases, managers offered them a salary increase, and many decided to continue working.
Although most of the work was organized online, some employees worked in offices and workspaces in Russian cities.
However, despite the embarrassing leak of its chats, Conti is unlikely to cease its activities. Some employees will certainly quit, but many of those who initially did not know about the nature of their work will prefer to stay, not wanting to part with a good salary. Moreover, with sanctions in place, it will be difficult for them to find a good job abroad.