Russian Officials Collaborate With A Black Basta Leader.

A new examination of stolen internal chat logs suggests that the Black Basta ransomware gang may have ties to Russian Officials. First identified in April 2022, Black Basta is a ransomware-As-A-Service (RaaS) organization that speaks Russian. Prior to it's activity sharply slowing down in recent months, it was a prolific threat group that targeted and victimized hundreds of organizations Worldwide. Why? Chat records that were leaked revealed the group's operational flaws.

Over 200,000 communications sent over a one year period are included in the breaches, which were posted last Month by @Exploit Whispers, a Telegram user. Although to his assertion is still unsubstantiated, Black Basta's purpoted attacks on Russian Banks served as the catalyst for the release. After examining the chat logs, researchers at the cybersecurity company Trillix found that Oleg Nefedov, also known as GG or Tramp, the head of Black Basta, might be working with Russian authorities.

According to the logs, Nefedov was arrested in Armenia in June of last year but was able to leave the country three days later. According to a chat conversation between GG and a person using the Moniker Chuck, This Extraction was purpotedly made possible by Russian authorities. GG stated in the chats that he made contact with senior officials in order to get through a "Green Corridor." 

Other details of Black Basta's operations appear to be revealed by the leaked messages, including the potential for the group to operate out of two physical offices in Moscow and the use of ChatGPT and other AI tools to create phishing emails, debug malware, rewrite ransomware scripts, and collect victim information.