- The cat newspapers of the Black Basta Ransomware group were disclosed on Telegram
- The flight says it is a response to the group attacking Russian banks
- The data contains valuable information on the operation of the group
Internal discussion newspapers detailing the internal functioning of the Black Basta Ransomware group have just been disclosed online.
An individual (or a group) with the Alias exploitwhispers apparently drawn information from Matrix, an open source and decentralized communication protocol used for secure and real -time messaging. The matrix is often used for encrypted cats, making it popular with cybersecurity professionals, defenders of privacy, but also, unfortunately, cybercriminals.
Exploitwhispers first downloaded the archive to Mega, but after being lowered, they set up a dedicated telegram channel and disclosed it there.
Target national banks
“A place to discuss the most important news on Black Basta, one of the largest groups of health workers in Russia, who recently hacked national banks,” said Leakster on Telegram. “With such questions, we can say that they have crossed the border, so we are committed to revealing the truth and exploring the next steps of Black Basta. Here you can find information you can trust and read all the most important in a channel. »»
Anyone who has exploited Whissers, they were not satisfied with what Black Basta has been doing lately. They can be an unhappy member or a security researcher.
In any case, Black Basta targeted the Russian banks, which had not been well known with them.
The leak covers discussions between September 2023 and September 2024 and contains valuable information on the internal structure of the group.
An individual called Lapa is one of the administrators. Cortes is a threat player with links to the Qakbot group, Yy is the main administrator, and Trump is the key figure. There are a few indications that Trump’s real name could be Oleg Nefedov.
It also shows the group’s phishing models, emails, cryptocurrency addresses, data drops, victims’ identification information, etc.
By analyzing data emptying, BleepingCompute said that the archive also contains 367 unique Zoomfo links, which could indicate the number of companies targeted during this period.
Via Bleeping Compompute
