Shortly after Russia launched its invasion of Ukraine, the notorious Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia.

In response, an anonymous individual set up a Twitter account named “Conti Leaks” and started releasing files allegedly stolen from the cybercrime gang. The first round of leaks represented messages exchanged between members of the Conti organization in the past year. The second round included more chat logs, credentials, email addresses, C&C server details, as well as source code for the Conti ransomware and other malware.