CyberSecurity news
FlagThis - #blackbasta
|
Dissent@DataBreaches.Net
//
Leaked internal chat logs from the Black Basta ransomware group have provided unprecedented insight into the tactics, planning, and operational methods of cybercriminals. The Veriti Research team analyzed these communications, uncovering the group's favored exploits, the security measures they routinely bypass, and the defenses they fear most. The leak, rivals that of the Conti ransomware gang, exposes Black Basta's meticulous study of potential victims and their sophisticated phishing and malware campaigns.
The analysis reveals Black Basta's focus on exploiting vulnerabilities in VMware ESXi, Microsoft Exchange, Citrix VPNs, and Fortinet firewalls. They actively discuss bypassing EDR, SIEM, and firewall protections to maintain persistence within compromised networks, leveraging cloud services for malware hosting and command-and-control infrastructure. Despite their skills, Black Basta members express frustration when EDRs, firewalls, and IP reputation monitoring disrupt their operations. A key member of Black Basta contended they had been able to elude law enforcement in mid-2024 with help from influential people. Recommended read:
References :
@www.the420.in
//
A significant leak of internal chat logs from the Black Basta ransomware gang has surfaced online, exposing the group's inner workings. TechCrunch obtained a copy of the chat logs, which reveal internal strife, financial disputes, and operational details spanning from September 2023 to September 2024. The exposed communications shed light on the gang's key members, targeted organizations, exploits, and even their fears of government intervention, with one leaker alleging the group "crossed the line" by targeting Russian domestic banks.
The leaked chat logs provide insights into Black Basta's structure, including administrators and hackers linked to the Qakbot botnet. One member, known as "Trump" or "AA" and "GG," is believed to be Oleg Nefedovaka, potentially the group's main boss with connections to the defunct Conti ransomware group. The leak has also exposed Black Basta's phishing templates, victim credentials, and cryptocurrency addresses. The exposure of this sensitive information could significantly disrupt the gang's operations and assist cybersecurity professionals in understanding and mitigating Black Basta's tactics. Recommended read:
References :
securebulletin.com@Secure Bulletin
//
New research indicates a connection between the Black Basta and Cactus ransomware gangs, with both groups employing similar social engineering attacks and the BackConnect proxy malware to gain persistent access to corporate networks. Trend Micro researchers have highlighted how both ransomware groups utilize the BackConnect (BC) module to maintain control over infected hosts and exfiltrate sensitive data. The use of QBACKCONNECT suggests a close working relationship between Black Basta and the QakBot developers.
The BackConnect module, tracked as QBACKCONNECT due to its overlaps with the QakBot loader, grants attackers a wide range of remote control capabilities. This allows them to execute commands, steal sensitive data, such as login credentials, financial information, and personal files. Researchers observed a CACTUS ransomware attack that mirrored Black Basta's methods in deploying BackConnect, but extended their operations to include lateral movement and data exfiltration. Recommended read:
References :
Amar Ćemanović@CyberInsider
//
Ascension Health, a major healthcare provider, has confirmed a significant data breach impacting 5.6 million patients following a ransomware attack in May. The attack, attributed to the Black Basta ransomware group, involved the exfiltration of sensitive data including medical records, financial details, insurance information and government IDs, alongside personal identifiers. The cyber incident caused considerable disruption across Ascension's 140 hospitals, impacting critical operations. The breach was discovered May 8th after unauthorized access to systems in February and is considered one of the largest healthcare data breaches of the year.
The exposed data included a variety of sensitive information, including medical record numbers, dates of service, and payment details like credit card and bank account information. Also exposed were Social Security numbers, driver's license numbers, and passport details. While patient data was compromised, the core Electronic Health Records system was not affected. Ascension is offering affected individuals 24 months of credit and CyberScan monitoring, along with a $1,000,000 insurance reimbursement policy and ID theft recovery services. Recommended read:
References :
BushidoToken (noreply@blogger.com)@blog.bushidotoken.net
//
BlackBasta ransomware group's attack on Ascension Health, one of the largest healthcare providers in the US, has been brought to light by leaked chat logs. The incident, which occurred in May 2024, significantly disrupted services and involved the exfiltration of 1.4TB of data and encryption of over 12,000 servers. The BlackBasta gang gained initial access months prior to deploying the ransomware, starting around November 2023, using phishing and password guessing techniques to compromise 14 email addresses of Ascension Health employees.
These leaked chat logs provide researchers a unique opportunity to understand the inner workings of the Russia-based cybercrime enterprise. The BlackBasta gang, consisting of former Conti ransomware members, exhibits similar operational structures. Veriti Research analyzed the leaked communications, revealing that BlackBasta exploited vulnerabilities in VMware ESXi, Microsoft Exchange, Citrix VPNs, and Fortinet firewalls, and Active Directory. The gang also uses cloud services for malware hosting and adjusts tactics to evade detection, while expressing frustration when EDRs, firewalls, and IP reputation monitoring disrupt their operations. Recommended read:
References :
|