An Ontario security software company says it has discovered a new affiliate of a ransomware gang that has pledged allegiance to Russia carrying out attacks with threat emulation technology.

Waterloo, Ont.-based eSentire says its threat response unit has been tracking an affiliate of Conti since August and discovered the group used Cobalt Strike in two attacks around Valentine's Day, as tensions between Russia and Ukraine were escalating.

The firm calls Cobalt Strike "the Swiss army knife of cyber intrusions" because the tool can replicate and launch sophisticated cyberattacks that can test security detections, protections and response systems, but is being used by threat actors to compromise IT environments and spread throughout networks. 

The threat response unit intercepted an attack using Cobalt Strike to try to breach an unnamed children’s charity and hours later, found it being used to target a legal firm. 

It says Conti is comprised of sophisticated ransomware developers and operators known for compromising and disrupting the operations of health-care organizations, emergency services, municipalities, oil transportation and electric companies and schools.

Conti claimed responsibility for a cyberattack on a Quebec smelter Rio Tinto operates earlier this month.