Threat Intelligence

Leaked Black Basta chat logs indicate ties to Russian officials

An analysis of over 200,000 leaked internal messages from the Black Basta ransomware group covering September 2023 to September 2024 has revealed potential links to Russian authorities and detailed insights into the group's cyber operations, The Hacker News reports.

One of the most significant findings from the leaked conversations, which were published by a Telegram user and analyzed by cybersecurity firm Trellix, suggests that Black Basta's leader, Oleg Nefedov, may have received assistance from high-ranking Russian officials after being arrested in Armenia in June 2024. The chat indicates that he secured his escape through a green corridor within three days. The messages also indicate that Black Basta operates two offices in Moscow and uses ChatGPT for fraud, malware development, and debugging. Some members appear to have connections with other ransomware groups, including Rhysida and CACTUS. Black Basta also appears to have invested in new tools, such as BRUTED, a brute-force framework used to scan the internet for vulnerabilities in firewalls and VPNs. The gang also developed Breaker, a post-exploitation command-and-control framework used to maintain persistence in compromised networks. Additionally, evidence suggests Black Basta collaborated on a new ransomware prototype based on Conti's source code, potentially signaling a rebranding effort.
