Digital Event Horizon
A leaked trove of more than 200,000 messages between Black Basta members has exposed the inner workings of the notorious ransomware group. The communication reveals tactics, trade secrets, and internal rifts that have escalated since one of its leaders was arrested. Researchers are poring over the data to gain insights into the operations of this secretive organization.
The Black Basta ransomware group's internal communications were leaked online, exposing tactics, trade secrets, and internal rifts.
The leak provides a unique glimpse into the inner workings of Black Basta, including its operations and decision-making processes.
Disagreements within the group involved the personal financial interests of its leader, Oleg Nefedov, which dictate the operations of the group.
The leaked trove also includes details about other members of the group and their tactics, such as using ZoomInfo to research targeted companies.
The leak raises concerns about the potential impact on law enforcement efforts to track down Black Basta members.
The revelation of internal communications from the notorious ransomware group, Black Basta, has sent shockwaves through the cybersecurity community. A leak of more than 200,000 messages between members of the group has been published online, exposing tactics, trade secrets, and internal rifts that have escalated since one of its leaders was arrested.
The leaked chat logs, which span September 2023 to September 2024, provide a unique glimpse into the inner workings of Black Basta. Researchers who have read the Russian-language texts described the communication as "a treasure trove" of information that sheds light on the group's operations and decision-making processes.
According to researchers at Prodaft, one of the key disagreements within the group involved the personal financial interests of its leader, Oleg Nefedov, which dictate the operations of the group. The dispute arose after Oleg decided to target a bank in Russia, putting Black Basta in the crosshairs of law enforcement in that country.
"This is an example of how cybercriminals are their own worst enemies," wrote Dan Goodin, Senior Security Editor at Ars Technica. "Keep burning our intelligence sources, we don’t mind."
The leaked trove also includes details about other members of the group, including two administrators using the names Lapa and YY, and Cortes, a threat actor linked to the Qakbot ransomware group.
Furthermore, researchers have identified over 350 unique links taken from ZoomInfo, a cloud service that provides data on companies and business individuals. These links provide insights into how Black Basta members used the service to research the companies they targeted.
To aid in the analysis of these chat logs, security firm Hudson Rock has developed ChatGPT, a resource that helps researchers analyze Black Basta operations.
"It turns out that the personal financial interests of Oleg, the group's boss, dictate the operations, disregarding the team's interests," wrote another researcher at Prodaft. "Under his administration, there was also a brute force attack on the infrastructure of some Russian banks."
The leak has raised concerns about the potential impact on law enforcement efforts to track down Black Basta members.
"It seems that no measures have been taken by law enforcement, which could present a serious problem and provoke reactions from these authorities," wrote the researcher at Prodaft.
Related Information:
https://arstechnica.com/security/2025/02/leaked-chat-logs-expose-inner-workings-of-secretive-ransomware-group/
https://techcrunch.com/2025/02/21/a-huge-trove-of-leaked-black-basta-chat-logs-expose-the-ransomware-gangs-key-members-and-victims/
Published: Fri Feb 21 18:28:57 2025 by llama3.2 3B Q4_K_M