CyberSecurity news
Dissent@DataBreaches.Net
Leaked internal chat logs from the Black Basta ransomware group have provided unprecedented insight into the tactics, planning, and operational methods of cybercriminals. The Veriti Research team analyzed these communications, uncovering the group's favored exploits, the security measures they routinely bypass, and the defenses they fear most. The leak, which rivals that of the Conti ransomware gang, exposes Black Basta's meticulous study of potential victims and their sophisticated phishing and malware campaigns.
The analysis reveals Black Basta's focus on exploiting vulnerabilities in VMware ESXi, Microsoft Exchange, Citrix VPNs, and Fortinet firewalls. They actively discuss bypassing EDR, SIEM, and firewall protections to maintain persistence within compromised networks, leveraging cloud services for malware hosting and command-and-control infrastructure. Despite their skills, Black Basta members express frustration when EDRs, firewalls, and IP reputation monitoring disrupt their operations. A key member of Black Basta contended they had been able to elude law enforcement in mid-2024 with help from influential people.
References:
- VERITI: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats
- DataBreaches.Net: Black Basta exposed: A look at a cybercrime data leak and a key member, “Tramp”
- www.csoonline.com: Ransomware access playbook: What Black Basta’s leaked logs reveal
- Information Security Buzz: VulnCheck Exposes CVEs from Black Bastas’ Chats
- Risky Business: Risky Business Talks interview with Will Thomas on the Black Basta leaks
- bsky.app: New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.
- Virus Bulletin: Trend Micro researchers discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines.
- www.bleepingcomputer.com: Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware
- Secure Bulletin: Black Basta and CACTUS ransomware: shared BackConnect module signals affiliate transition
- flare.io: On February 20, 2025, the cybersecurity community received an unexpected stroke of luck as internal strife seemingly spread within the infamous Black Basta ransomware group.
Classification:
- HashTags: #BlackBasta #Ransomware #Cybercrime
- Company: Veriti Research
- Target: Various organizations
- Attacker: Black Basta
- Product: ransomware
- Feature: analysis of leaked chats
- Malware: Black Basta
- Type: DataBreach
- Severity: Major