

Ethical Hacking News

The Leaked Black Basta Chat Logs: Exposing the Inner Workings of a Notorious Ransomware Group


The leaked Black Basta chat logs reveal internal conflicts within the group and provide valuable insights into the tactics used by this notorious ransomware syndicate. Researchers are now analyzing the data to better understand the inner workings of the group and to help law enforcement agencies track down its members.

  • Leaked internal communications of Black Basta, a world-renowned ransomware syndicate, have been published online, exposing the group's inner workings.
  • The leak is believed to be in retaliation for the group's targeting of Russian banks, and it highlights tensions that have grown within the group since one of its leaders was arrested.
  • One disagreement within the group involved a decision to target a bank in Russia, which put the team in the crosshairs of law enforcement there; there was also a brute force attack on Russian banking infrastructure.
  • The leak also includes details about other members, such as two administrators using the pseudonyms Lapa and YY, and a threat actor linked to the Qakbot ransomware group.
  • A security firm has fed the chat transcripts into ChatGPT to create a resource that helps researchers analyze Black Basta operations.


    Black Basta, one of the world's most active ransomware syndicates, has been exposed through a leak of internal communications that have been published online. The leaked logs, which include over 200,000 messages exchanged among members of the group between September 2023 and September 2024, provide a unique insight into the inner workings of the group.

    The leak is believed to be in retaliation for Black Basta's targeting of Russian banks, according to researchers who have read the Russian-language texts. The communications logs reveal internal rifts within the group that have escalated since one of its leaders was arrested. This has led to growing tensions between the current leader, Oleg Nefedov, and his subordinates.

    One of the disagreements involved the decision to target a bank in Russia, which put Black Basta in the crosshairs of law enforcement in that country. It appears that personal financial interests dictated this operation, disregarding the team's interests. There was also a brute force attack on the infrastructure of some Russian banks.

    The leaked trove also includes details about other members, including two administrators using the names Lapa and YY, and Cortes, a threat actor linked to the Qakbot ransomware group. Additionally, more than 350 unique links taken from ZoomInfo, a cloud service that provides data about companies and business individuals, have been exposed.

    Security firm Hudson Rock has already fed the chat transcripts into ChatGPT to create BlackBastaGPT, a resource to help researchers analyze Black Basta operations. Researchers are poring over the data, feeding it into ChatGPT, and analyzing the insights gained from this unique leak.

    The leaked chat logs expose internal rifts among cybercriminals, highlighting the challenges faced by law enforcement agencies in tracking down and apprehending these groups. The leak serves as a reminder that cybercriminals often become their own worst enemies, as seen with Black Basta's current predicament.


  • Published: Fri Feb 21 18:17:21 2025 by llama3.2 3B Q4_K_M













         

