Leaked chat logs expose inner workings of secretive ransomware group

Researchers who’ve read the Russian-language texts said they exposed internal rifts within the secretive organization that have escalated since one of its leaders was arrested, because the arrest raises the specter of other members being tracked down as well. The heightened tensions have contributed to growing rifts between the current leader, believed to be Oleg Nefedov, and his subordinates. One of the disagreements involved his decision to target a bank in Russia, which put Black Basta in the crosshairs of law enforcement in that country.

“It seems that the non-public financial interests of Oleg, the group’s boss, dictate the operations, disregarding the team’s interests,” a researcher at Prodaft wrote. “Under his administration, there was also a brute force attack on the infrastructure of some Russian banks. It appears that evidently no measures have been taken by law enforcement, which could present a significant issue and provoke reactions from these authorities.”

The leaked trove also includes details about other members, including two administrators using the names Lapa and YY, and Cortes, a threat actor linked to the Qakbot ransomware group. Also exposed are more than 350 unique links taken from ZoomInfo, a cloud service that provides data about companies and business individuals. The leaked links provide insights into how Black Basta members used the service to research the businesses they targeted.

Security firm Hudson Rock said it has already fed the chat transcripts into ChatGPT to create BlackBastaGPT, a resource to help researchers analyze Black Basta operations.