APT / THREAT GROUP · 💰 FINANCIAL · HIGH
Conti
🇷🇺 Russia-attributed
4 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Ransomware
Threat Analysis
Conti is a high-sophistication threat actor attributed to Russia whose cyber operations are primarily financially motivated.
Financially motivated threat actors like Conti prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, Conti is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Intelligence Reports Mentioning Conti
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
The Hacker News · Jun 30, 2026
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
The Hacker News · Jun 30, 2026
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
The Hacker News · Jun 29, 2026
Your First GRC Agent: A Red Teamer's Walkthrough
BleepingComputer · Jun 26, 2026
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The Hacker News · Jun 26, 2026
Russian Intelligence Services Continue to Target Commercial Messaging Applications
CISA Alerts · Jun 26, 2026
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Hacker News · Jun 26, 2026
Local Police Collusion Hampers Crackdown on Asian Scam Centers
Dark Reading · Jun 25, 2026
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Origin: 🇷🇺 Russia
Aliases: 4
Also Known As
elf.conti, Conti, Conti Locker, win.conti
External Intelligence
Malpedia: win.conti
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.