Nuked 
Hey tech enthusiasts! Buckle up because we’re about to dive into the wild world of cybercriminals, specifically a ransomware group that’s caught the attention of researchers everywhere.
Recently, a staggering leak of over 200,000 messages from the notorious Black Basta group has surfaced online, showcasing their strategies, secrets, and the internal squabbles that often plague these clandestine organizations. This valuable insight comes from communications shared via the Matrix chat platform from September 2023 to September 2024.
The motivation behind this leak? A retaliation move against Black Basta’s decisions to target Russian banks. The identity of the leaker remains a mystery, leaving us wondering if they were an insider or an external party who somehow infiltrated the group.
In 2024, the FBI teamed up with the Cybersecurity and Infrastructure Security Agency to alert us that Black Basta has attacked twelve of the sixteen critical infrastructure sectors of the U.S., impacting around 500 organizations globally.
A particularly alarming attack took place against Ascension, a healthcare system with 140 hospitals stretched across 19 states. Other notable victims include the likes of Hyundai Europe and the Chilean Government Customs Agency, showcasing the group’s rampant activity since its emergence in 2022.
As researchers sift through the leaked messages, it becomes clear: infighting within these organizations can lead to their downfall. Tensions escalated after the arrest of a group leader, causing friction between them and the current head, Oleg Nefedov. His questionable decisions, particularly targeting a Russian bank, have raised eyebrows and heightened risks for all involved.
Intriguingly, the leak reveals the inner workings and structure of Black Basta, naming members like Lapa, YY, and Cortes, who is connected to the Qakbot ransomware group. They’ve been utilizing ZoomInfo to gather intelligence on potential targets, and the chats even provided insights into their operational tactics.
In an interesting twist, security firm Hudson Rock has fed the transcriptions into ChatGPT to create a tool dubbed BlackBastaGPT, assisting in the ongoing investigation of their operations.
