A huge trove of leaked Black Basta chat logs expose the ransomware gang’s key members and victims | TechCrunch

Chat logs allegedly belonging to the Black Basta ransomware group have leaked online, exposing key members of the Russia-linked gang.

The chat logs include more than 200,000 messages from September 18, 2023 to September 28, 2024, and were shared by a leaker with threat intelligence company Prodaft. The cybersecurity company said the leak came amid “internal conflict” within the Black Basta group, in which some members allegedly failed to provide victims with functional decryption tools despite the victims having to pay the ransom.

It is not clear whether the leaker, who used the alias “ExploitWhispers” on Telegram, is a member of the Black Basta gang.

Black Basta is a prolific Russian ransomware gang that the U.S. government has linked to hundreds of attacks on critical infrastructure and global operations, and whose publicly known victims include U.S. healthcare organizations, British utility Southern Water, and an outsourcing company in the UK. The leaked chat logs give a never-before-seen look inside the ransomware gang, including some of its unreported targets.

According to a post on X, the leaker said the hackers “cross the line” by targeting Russian domestic banks.

“We are therefore committed to discovering the truth and investigating the next step in Black Basta,” the leaker wrote.

Targeted victims, vulnerabilities and teenage hackers

TechCrunch obtained a copy of the hackers’ chat logs from Prodaft. The logs contain detailed information about key members of the ransomware gang.

These members include “YY” (the main administrator of Black Basta); “Rapa” (another leader of Black Basta); “Cortes” (a hacker linked to the Qakbot botnet); and “Trump” (also known as “AA” and “GG”).

The hacker “Trump” is believed to be an alias used by Oleg Nefedovaka, whom Prodaft researchers describe as the “main boss of the group”. The researchers link Nefedovaka to the now-defunct Conti ransomware group, which shut down shortly after its internal chat logs leaked, following the gang’s announcement of support for Russia’s full-scale invasion of Ukraine in 2022.

The leaked Black Basta chat logs refer to one member as being 17 years old, TechCrunch has seen.

By our count, the leaked chats contain 380 unique links to company information hosted on Zoominfo, a data broker that collects and sells access to information about businesses and their employees, which the chat logs show the hackers used to research the companies they targeted. The links also give an indication of the number of organizations the gang targeted over the 12-month period.

The chat logs also reveal unprecedented insights into the group’s operations. The messages include detailed information about Black Basta victims, copies of phishing templates used in cyberattacks, some of the vulnerabilities used by the gang, cryptocurrency addresses related to ransom payments, and details of ransom demands and of negotiations between victims and the hacking group.

We also found chat logs of the hackers discussing TechCrunch articles about ongoing Qakbot campaigns, despite the FBI’s earlier takedown operation aimed at knocking the infamous botnet offline.

TechCrunch also found chat logs that named several previously unknown target organizations. These include failed American auto giant Fisker; health tech provider Cerner Corp, now owned by Oracle; and UK travel company Hotel Program. It is not clear whether the companies were breached, and none of the companies responded to TechCrunch’s inquiries.

The chat logs appear to show the gang taking advantage of security flaws in enterprise network devices, such as routers and firewalls, which sit at the perimeter of a corporate network and act as digital gatekeepers.

The hackers discussed their ability to exploit vulnerabilities in Citrix remote access products to break into at least two corporate networks. The gang also talked about using vulnerabilities in Ivanti, Palo Alto Networks and Fortinet software in cyberattacks.

Conversations among Black Basta members also show that some in the group are concerned about being investigated by Russian authorities under geopolitical pressure. Although Russia has long been a safe haven for ransomware gangs, Black Basta is also concerned about potential action by the U.S. government.

A message from the group after the breach of Ascension’s systems warned that the FBI and CISA were “100% obligated” to get involved, which could lead to the agencies “taking a strong stance on Black Basta”.

Black Basta’s dark web leak site, used to publicly extort victims into paying the gang’s ransom demand, was offline at the time of publication.
