Ethical Hacking News
Black Basta ransomware gang's internal chat logs have been leaked online, revealing a wealth of sensitive information about their operations. The leak exposes the gang's tactics, techniques, and procedures, shedding light on their leadership structure and internal conflicts. As organizations continue to face the threat of ransomware attacks, understanding these details is crucial in developing effective strategies for prevention and mitigation.
The Black Basta ransomware gang's internal chat logs have been leaked online. The leak reveals sensitive information about their tactics, techniques, and procedures. The archive contains messages exchanged between September 18, 2023, and September 28, 2024. The leak includes phishing templates, cryptocurrency addresses, data drops, and individual target credentials. Valuable insights into the gang's leadership structure are provided, including YY (Oleg Nefedovaka) and other notable figures. Internal conflicts have plagued Black Basta since its inception, with some operators continuing to scam victims despite inactivity. The leak could be related to Black Basta's alleged attacks on Russian banks. The gang has claimed numerous high-profile victims worldwide and collected an estimated $100 million in ransom payments.
Black Basta ransomware gang's internal chat logs have been leaked online, exposing a wealth of sensitive information about the operation's tactics, techniques, and procedures. The leak, which was posted on a dedicated Telegram channel by ExploitWhispers, is believed to have originated from an unknown leaker who gained access to the gang's internal Matrix chat server.
The leaked archive contains messages exchanged in Black Basta's internal chat rooms between September 18, 2023, and September 28, 2024. The chat logs reveal a wide range of information, including phishing templates and emails to send to victims, cryptocurrency addresses, data drops, and even the credentials of individual targets. Additionally, the leak contains 367 unique ZoomInfo links, which suggest that Black Basta targeted numerous companies during this period.
The leaked chat logs also contain valuable insights into the gang's leadership structure. According to sources, YY (the main administrator) is believed to be Oleg Nefedovaka, a known threat actor who has been linked to other ransomware gangs in the past. Other notable figures mentioned in the chat logs include Lapa (one of the operation's admins), Cortes (a threat actor linked to the Qakbot group), and Trump (aka GG and AA).
The leak also sheds light on the internal conflicts that have plagued Black Basta since its inception. In February 2025, it was reported that the gang had been mostly inactive due to these conflicts. However, the leaked chat logs suggest that some operators continued to scam victims by collecting ransom payments without providing functional decryptors.
The PRODAFT security research firm noted in a statement that the leak could be directly related to Black Basta's alleged attacks on Russian banks. The gang's activities have been closely monitored by cyber threat intelligence companies, and the leaked chat logs provide valuable information about their tactics and operations.
Black Basta ransomware emerged in April 2022 and has since claimed numerous high-profile victims worldwide, including healthcare companies and government contractors. The gang is believed to have collected an estimated $100 million in ransom payments from over 90 victims until November 2023.
In light of this latest leak, it is essential for organizations to take proactive measures to protect themselves against such attacks. Employing robust security measures, conducting regular risk assessments, and staying informed about the latest threat intelligence can help prevent or minimize the impact of such incidents.
Related Information:
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-s-internal-chat-logs-leak-online/
Published: Thu Feb 20 22:11:35 2025 by llama3.2 3B Q4_K_M
