
A significant data breach has exposed internal Matrix chat logs from the notorious Black Basta ransomware operation. The leak, shared by an individual known as ExploitWhispers, contains communications spanning September 2023 to September 2024.
Key Developments:
– The leak was initially posted on MEGA before being moved to a dedicated Telegram channel
– Cyber threat intelligence firm PRODAFT suggests the leak may be connected to Black Basta’s alleged attacks on Russian banks
– The group has reportedly been inactive since early 2025 due to internal conflicts
Leaked Content Analysis:
– Phishing templates and target email lists
– Cryptocurrency wallet addresses
– Victim credentials and data drops
– 367 unique ZoomInfo links indicating potential targets
– Information about key gang members, including:
* Lapa (Admin)
* Cortes (Qakbot group affiliate)
* YY (Main administrator)
* Trump/GG/AA (believed to be Oleg Nefedovaka, group leader)
Black Basta Impact:
– Emerged in April 2022 as a Ransomware-as-a-Service operation
– Compromised over 500 organizations between April 2022 and May 2024
– Collected approximately $100 million in ransom payments
– Notable victims include Rheinmetall, Hyundai Europe, BT Group, Ascension Healthcare, and various government contractors
The leak resembles the 2022 Conti ransomware leak, where internal communications were exposed following the group’s pro-Russian stance during the Ukraine invasion.