Private jets, luxury cars and premium apartments – they pose as investors, but even the seemingly anonymous world of the internet couldn’t hide them. Members of the once-feared hacker group Conti were exposed by the activist collective GangExposed.
At first glance, it looks like the life of successful startup founders or Forbes-listed investors: private jets, trips to Dubai, luxury watches and penthouse parties. Their Instagram profiles could easily compete with those of top influencers in exotic locations. But there’s one catch: behind the luxurious lifestyle, there is no promising startup or investment platform. Instead, it’s about extortion, data theft, paralyzed hospitals, and millions stolen across the world.
Ransomware groups have existed since the early days of the internet. Typically, they break into a company’s infrastructure, encrypt sensitive data, and demand a ransom. Even Slovakia has recently experienced this on a large scale, when hackers encrypted the entire database of the Geodesy, Cartography and Cadastre Authority.
According to available information, the attackers demanded an eight-figure amount to return the data. The general rule is: don’t negotiate with criminals. But the reality is often different. At Binary Confidence, we’ve seen companies that chose to pay the ransom – because the reputational and financial risks were simply too great. There is no guarantee you’ll get your data back – but for the gangs, this often means enormous payouts.
The now-defunct but once highly active Conti group was behind hundreds of cyberattacks worldwide. Although it no longer exists under that name, its members are still active – and as recent revelations show, they’re now enjoying their stolen wealth, pretending to be successful entrepreneurs.
“Crypto Wizard” Sergei or Oleg’s Penthouse in Moscow
One of them is Sergei Khitrov, known in Conti as “Stanton,” the group’s second-highest-ranking member. In one of the leaked videos, Sergei is seen traveling in luxury to the birthday party of his boss, codenamed “Target.” Khitrov spent a lot of time in the United Arab Emirates, where the group relocated, posing as a successful crypto expert. His investment platform served as a money-laundering tool for millions stolen via Conti ransomware attacks.
Another example is Oleg Fakeev, aka “White,” who proudly shows off his white Lamborghini and luxury apartment in downtown Moscow on social media. He has also been confirmed as a member of the Conti group.
When plastic surgery isn’t enough – stylometry reveals the truth
The members of the Conti group were gradually exposed by the anonymous Telegram channel GangExposed @RansomHunter. This channel has been publishing extremely detailed data on members of Conti, Black Basta, and Trickbot. Just days after the leaks, Interpol and German police issued arrest warrants – clear evidence that the leaked data is credible.
The leaked information includes resumes, passports, home addresses, travel records, and more. One of the members, Vitaly Nikolaevich Kovalev, aka “Stern,” even underwent plastic surgery to hide his identity – unsuccessfully.
An interesting example is the user “Devman.” GangExposed analyzed thousands of his publicly available posts and compared them to the previously leaked Conti chats. The writing style matched perfectly. They also added physical characteristics, slang, and self-descriptions. After being exposed, Devman began deleting his messages and threatening the group’s admins – ironically confirming his identity even more.
We monitor the hackers – so you don’t have to
Cybercrime is no longer the domain of a few hoodie-wearing geeks. It’s a global business with billions in revenue. Groups like Conti operate like real corporations – with HR departments, management, attack playbooks, internal communications, and even bonus systems. That’s why they should never be underestimated. Besides technical security, you need protection from people who understand who the attackers are, how they operate, and why they’re targeting you. That’s what we do.
If you suspect your systems may have been compromised – or want to strengthen your defenses proactively – get in touch with us. We know who we are dealing with. And we know how to defend ourselves. We are the first company in Slovakia to start providing Security Operations Center (SOC) services, and for years we have been actively protecting against cyber threats. We also closely monitor the behind-the-scenes activities of various hacking groups. We are connected to multiple sources, including intelligence databases and analytical networks, and we also monitor channels that help detect cybercriminals.
The project funded through grant agreement number 101145856 is supported by the European Cybersecurity Competence Centre.