- On Telegram, the Black Basta malware group’s talk reports were leaked.
- The motif claims that this is a response to Russian bank attacks by the group.
- The information provides important insight into how the organization functions.
Internal chat logs that detail the inner workings of the Black Basta group were really released online.
Exploit Whispers, an anonymous user who goes by the name Exploit Whispers, has apparently extracted the data from Matrix, an open source, decentralized communication protocol used for secure and real-time messaging. Matrix is often used for encrypted messages, making it popular among security experts, privacy activists, but also, unfortunately, scammers.
ExploitWhispers initially made the archive available for download on MEGA, but after it was removed, they created a separate Telegram channel and leaked it it.
Targeting private institutions
The leaker wrote on Telegram that the site is” a place to discuss the most important information about Black Basta, one of the largest groups of health workers in Russia, which recently hacked home businesses.” We can safely say that they have crossed the border with such things, so we are dedicated to uncovering the truth and looking into Black Basta’s next ways. Here you can learn all the most crucial information in one place, with knowledge you can trust.
Whoever ExploitWhispers is, they were unhappy with Black Basta’s new actions. They can either be a angry representative, or a security scholar.
In any case, Black Basta was reportedly targeting Russian businesses, which didn’t sit well with them.
The hole covers conversations between September 2023, and September 2024, and contains valuable information about the group’s inside architecture.
One of the administrators is a person by the name of Lapa. Trump is the main number, YY is the main administrator, and Cortes is a risk professional with connections to the Qakbot group. Some examples point to the possible real name of Trump as Oleg Nefedov.
It also shows the team’s phishing templates, emails, crypto names, data drops, sufferer credentials, and more.
BleepingComputer said that the archive also contains 367 exclusive ZoomInfo links, which may indicate the number of businesses targeted during this time by looking at the data dump.
Via