Leaked chat logs expose inner workings of secretive ransomware group

by
Dan Goodin
from Ars Technica - All content on (#6VEQG)
Story Image

More than a year's worth of internal communications from one of the world's most active ransomware syndicates have been published online in a leak that exposes tactics, trade secrets, and internal rifts of its members.

The communications come in the form of logs of more than 200,000 messages members of Black Basta sent to each other over the Matrix chat platform from September 2023 to September 2024, researchers said. The person who published the messages said the move was in retaliation for Black Basta targeting Russian banks. The leaker's identity is unknown; it's also unclear if the person responsible was an insider or someone outside the group who somehow gained access to the confidential logs.

How to be your own worst enemy

Last year, the FBI and Cybersecurity and Infrastructure Security Agency said Black Basta had targeted 12 of the 16 US critical infrastructure sectors in attacks mounted on 500 organizations around the world. One notable attack targeted Ascention, a St. Louis-based health care system with 140 hospitals in 19 states. Other victims include Hyundai Europe, UK-based outsourcing firm Capita, the Chilean Government Customs Agency, and UK utility company Southern Water. The native Russian-speaking group has been active since at least 2022.

Read full article

Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments