Chat logs from September 2023 to September 2024, which included 367 distinct ZoomInfo links were exposed.
Internal chat logs allegedly belonging to the Black Basta ransomware-as-a-service operation have been leaked.
According to BleepingComputer, the threat actor ExploitWhispers leaked the logs in retaliation to the ransomware gang's targeting of Russian banks.
Cyber threat intelligence firm PRODAFT said in a series of posts on X that internal Matrix chat logs from September 2023 to September 2024, which included 367 distinct ZoomInfo links were exposed. They also said that Black Basta also had information regarding its lead administrator YY and administrator Lapa, as well as Qakbot-linked threat actor Cortes revealed.
Further analysis of the exposed messages by BleepingComputer also showed Black Basta's phishing templates, victim credentials, and cryptocurrency addresses. Such a development comes amid internal strife within Black Basta, which has resulted in dormancy since the beginning of the year.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
