Black Basta’s Leaked Chats: Cybercrime’s Workplace
Drama
Who is Black Basta?
Black Basta is a ransomware gang that emerged in April 2022. Since then, they have carried out hundreds of ransomware attacks, targeting hospitals, banks, and other critical infrastructure.
But a recent leak of internal chat logs—potentially containing up to one million messages—has exposed how they operate, their financial disputes, and internal power struggles.
“We've talked about Black Basta before, but now we know more than we ever wanted to know about them.” – Taylor Wilkes-Pierce
What Did the Leaked Black Basta Chats Reveal?
- Hackers Complain Like Office Workers – Members vented about low pay, bad leadership, and difficult negotiations, just like any other workplace.
- Ransomware Discounts – The gang used a strategy of offering victims discounts on ransom payments to encourage faster payments.
- Internal Conflict Led to the Leak – The leak was allegedly caused by internal disagreements after Black Basta started attacking banks in Russia, angering members who feared retaliation.
The leaked messages were fed into AI models, allowing cybersecurity researchers to create "Black Basta GPT," an AI-powered tool that could summarize the gang’s tactics and strategies.
Salt Typhoon’s Telecom Espionage: A National Security Threat
Who is Salt Typhoon?
Salt Typhoon is a Chinese nation-state hacking group specializing in telecommunications espionage. Their infiltration of major U.S. telecom providers was uncovered in late 2024 by Cisco Talos.
How Did Salt Typhoon Infiltrate Telecom Networks?
Salt Typhoon used "Living off the Land" (LotL) tactics, which allowed them to:
- Exploit Cisco device vulnerabilities to gain entry
- Use stolen credentials and weak passwords to maintain access
- Delete logs and traces to evade detection
“If they’re inside telecom systems, they have access to everything—metadata, calls, even government communications.” – Tim Helming
How Serious is This Attack?
The infiltration of U.S. telecom networks is being described as one of the most significant cyber espionage operations in history, with potential implications for national security.
“This is just about as bad as it gets from an espionage standpoint.” – Tim Helming
Resources mentioned during the episode:
- Leaked Black Basta Chat Logs Show Banality of Ransomware
- Weathering the storm: In the midst of a Typhoon
Watch on YouTube
That’s about all we have for this week, you can find us on Mastodon and Twitter/X @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!
Heading
