A trove of chat logs linked to the infamous Black Basta ransomware group has been exposed online, offering critical insights into their operations and key members. These logs, spanning from 2023 to 2024, provide an unprecedented glimpse into the inner workings of the Russia-based gang, revealing their targets, exploits, and internal conflicts.
Black Basta has been linked to numerous cyberattacks on global businesses and critical infrastructure, including healthcare organizations and utility companies. The leaked logs expose key figures within the group, including “YY,” the administrator, and “Lapa,” another prominent leader. They also mention “Cortes,” a hacker linked to the Qakbot botnet, and “Trump,” believed to be an alias for Oleg Nefedovaka, once associated with the Conti ransomware group.
Intriguingly, the logs suggest that a 17-year-old may be among Black Basta’s members. Additionally, the logs contain over 380 links to company information hosted on ZoomInfo, indicating the gang’s meticulous research on potential targets.
The logs offer valuable details on Black Basta’s strategies, including phishing templates, exploits employed, cryptocurrency addresses for ransom payments, and victim negotiations. They also reveal conversations about the group’s concerns over geopolitical pressures and potential investigations by Russian and U.S. authorities.
Black Basta’s exploits targeted enterprise network devices, including routers and firewalls, and the group’s members boasted about their ability to breach networks using vulnerabilities in Citrix, Ivanti, Palo Alto Networks, and Fortinet software.
The exposure of these chat logs is a significant development in the fight against ransomware. They provide law enforcement agencies and cybersecurity researchers with vital information to track and disrupt Black Basta’s operations, potentially reducing their impact on victims and enhancing overall cybersecurity.
Original source: Read the full article on TechCrunch