Apparent chat logs of black basta leaked?

Just like Conti, Black Basta is getting a taste of its own medicine. Whether its a disgruntled employee of the group or a researcher, I’m not willing to guess, and the article isn’t so sure either.

Black Basta has been talked about through TSB as well as other programs I’m sure including the security hour on 98.6 the mix, KKMX, International.

“On February 11, 2025, a major leak exposed BLACKBASTA’s internal Matrix chat logs. The leaker claimed they released the data because the group was targeting Russian banks. This leak closely resembles the previous Conti leaks.”

The leaked archive contains messages exchanged in Black Basta’s internal chat rooms between September 18, 2023, and September 28, 2024.

BleepingComputer’s analysis of the messages shows they contain a wide range of information, including phishing templates and emails to send them to, cryptocurrency addresses, data drops, victims’ credentials, and confirmation of tactics we previously reported on.

The leaked chats also contain 367 unique ZoomInfo links, which indicate the likely number of companies targeted during this period. Ransomware gangs commonly use the ZoomInfo site to share information about a targeted company, internally or with victims during negotiations.

The Black Basta Ransomware-as-a-Service (RaaS) operation emerged in April 2022 and has claimed many high-profile victims worldwide, including healthcare companies and government contractors.

Some of their victims include German defense contractor Rheinmetall, Hyundai’s European division, BT Group(formerly British Telecom), U.S. healthcare giant Ascension, government contractor ABB, the American Dental Association, U.K. tech outsourcing firm Capita, the Toronto Public Library, and Yellow Pages Canada.

These are several of the paragraphs, not in any order being that we skipped some things within the article, but might be of value to our readership.

Black Basta chat leak

Let’s see what the Jaws Picture Smart program says about this image. It says:

The image is a screenshot from a messaging app featuring a post by “ExploitWhispers in Shepot Home.” It discusses Black Basta, a group allegedly involved in hacking domestic banks in Russia. The post mentions the group’s potential border crossing and promises reliable information on them. It provides a link to a 47.55 MB file hosted on MEGA. The background has a pattern, and the timestamp at the bottom indicates the message was sent on February 11 at 19:59.

I can not get it to give me any more text. This is definitely interesting though, I guess we’ll have to see what happens with this group now.

We’ve not heard much of them for some time now, so could this be the end?

data leak

Since this is a data leak, this doesn’t affect us specificly unless the group turns against those they’ve gotten data from and jus releases everything. If we see more, we’ll be on the lookout.


Discover more from The Technology blog and podcast

Subscribe to get the latest posts sent to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.