Top ransomware gang's internal chat logs leaked online

News
By
published

Someone leaked Black Basta's chat logs

Ransomware
  • Chat logs from the Black Basta ransomware group were leaked on Telegram
  • The leaker claims this is a response to the group attacking Russian banks
  • The data contains valuable information on how the group operates

Internal chat logs detailing the inner workings of the Black Basta ransomware group were just leaked online.

An individual (or a group) with the alias ExploitWhispers has apparently pulled the information from Matrix, an open source, decentralized communication protocol used for secure and real-time messaging. Matrix is often used for encrypted chats, making it popular among cybersecurity professionals, privacy advocates, but also, unfortunately, cybercriminals.

ExploitWhispers first uploaded the archive to MEGA, but after it was pulled down, they set up a dedicated Telegram channel and leaked it there.

Targeting domestic banks

“A place to discuss the most important news about Black Basta, one of the largest groups of health workers in Russia, which recently hacked domestic banks,” the leakster said on Telegram. “With such matters, we can say that they crossed the border, so we are dedicated to revealing the truth and exploring the next steps of Black Basta. Here you can find information that you can trust, and read all the most important in one channel.”

Whoever ExploitWhispers is, they weren’t happy with what Black Basta was doing in recent times. They can either be a disgruntled member, or a security researcher.

In any case, Black Basta was allegedly targeting Russian banks, which didn’t sit well with them.

The leak covers chats between September 2023, and September 2024, and contains valuable information about the group’s internal structure.

An individual called Lapa is one of the admins. Cortes is a threat actor with links to the Qakbot group, YY is the main admin, and Trump is the key figure. There are some indications that Trump’s real name might be Oleg Nefedov.

It also shows the group’s phishing templates, emails, cryptocurrency addresses, data drops, victim credentials, and more.

Analyzing the data dump, BleepingComputer said the archive also contains 367 unique ZoomInfo links, which could indicate the number of companies targeted during this period.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
A close-up of an interent search bar with 'http://ww' visible

US government warns this popular CMS software has a worrying security flaw
A person holding out their hand with a digital AI symbol.

Norton boosts AI scam protection tools for all users
Cloud computing graphics.

Financial institutions must find opportunities in the cloud in the face of uncertainty
See more latest