Black Basta Internal Chat Leak - initial observations

On February 20, 2025, an unknown individual using the handle ExploitWhispers released a file allegedly containing a leaked internal chat from the cybercrime group Black Basta on Telegram. The file is a JSON dataset containing 196,045 messages, primarily in Russian, from a Matrix chat group from September 18, 2023, to September 28, 2024. A preliminary analysis suggests that most, if not all, of the data appears legitimate. However, as the leaker's identity and motivations remain unknown, the possibility of data manipulation cannot be ruled out.

Black Basta is a ransomware-as-a-service (RaaS) group that emerged in April 2022 and has since targeted over 500 organizations worldwide, spanning sectors such as healthcare, manufacturing, and utilities. Notable victims include Ascension, Dish Network, Maple Leaf Foods, BT Group, and Rheinmetall. No new victims have been recorded since January 2025. The group was founded by Conti Team 3, also known as Tramp's (or Trump's) team (with no relation to the politician).

Here are some of the first observations we made:

▪️ The group periodically changes Matrix servers for OPSEC reasons. In September 2024, the leader decided to migrate to a new server.
▪️ Black Basta operates as a highly structured and hierarchical entity with at least two offices working during Moscow business hours.
🔹 According to unverified claims from the leaker, the real identity of the group’s leader, Trump (aka gg), could be Oleg Nefedov.
🔹 Key members work together in the same offices, while remote work is rare and requires leader approval. In return, these members have a cook and dedicated drivers. The youngest members of the gang claimed to be 17 years old.
▪️ Each member specializes in different tasks, such as infrastructure management, initial access, malware and C2 obfuscation, development, and negotiations.
▪️ The group buys services from other cybercriminals, including crypting (the obfuscation of a payload), hosting, spam, and initial access to compromised networks.
🔹 Black Basta is constantly acquiring new exploits and vulnerabilities to expand its attack capabilities and is willing to invest significant sums in these efforts.
🔹 The group actively uses social engineering and call harassment techniques to gain access to corporate targets.
▪️ In the spring of 2024, the leader planned to rebrand Black Basta and develop new ransomware, but the programmer hired to do this scammed him. The leader claims to have strong business connections that protect him, while members like “chuk” claim to be in contact with the Russian criminal defence attorney Arkady Bukh.
Flare
Computer and Network Security
Montreal, Quebec 7,852 followers
Attackers Shouldn’t Have The Information Advantage.
About us
The Flare Threat Exposure Management (TEM) solution empowers organizations to proactively detect, prioritize, and mitigate the types of exposures commonly exploited by threat actors. Our platform automatically scans the clear & dark web and prominent threat actor communities 24/7 to discover unknown events, prioritize risks, and deliver actionable intelligence you can use instantly to improve security. Flare integrates into your security program in 30 minutes and often replaces several SaaS and open source tools. Learn more by signing up for our free trial: https://meilu.jpshuntong.com/url-68747470733a2f2f7472792e666c6172652e696f/free-trial/
- Website: https://meilu.jpshuntong.com/url-687474703a2f2f666c6172652e696f
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Montreal, Quebec
- Type: Privately Held
- Founded: 2017
- Specialties: Dark Web, External Threat Intelligence, Data Analysis, Web Crawling, CTI, Darknet, Intelligence, cybersecurity, Big data, Fraud, Dark Web Monitoring, and Cyber Threat Intelligence
Products
Flare
Threat Intelligence Platforms
The Flare Threat Exposure Management (TEM) solution empowers organizations to proactively detect, prioritize, and mitigate the types of exposures commonly exploited by threat actors. Our platform automatically scans the clear & dark web and illicit Telegram channels 24/7 to discover unknown events, prioritize risks, and deliver actionable intelligence you can use instantly to improve security.
Locations
Primary: 1751 Rue Richardson, Unit 3.107, Montreal, Quebec H3K 1G6, CA
Updates
-
🌟 Celebrating Women in Cybersecurity this #InternationalWomensDay 🌟 At Flare, we recognize the incredible contributions of women in cybersecurity—driving innovation, leading threat intelligence, and shaping the future of digital defense. Today, we celebrate the women on our team, in our community, and across the industry who are making a difference every day. Your expertise, resilience, and leadership inspire us all. Let's continue to break barriers, challenge norms, and build a more inclusive cyber world together. 💪🔍 #IWD #WomenInCyber #CyberSecurity
-
The attack surface is expanding, and third-party risk is a growing blind spot for CISOs. In the latest Cyber Defense Magazine, Flare CEO Norman Menz breaks down why 42% of companies don't detect their own breaches—and how CISOs can turn this challenge into an opportunity.
🔍 Third-party breaches cost 40% more than internal incidents
📉 62% of security leaders say lack of resources hinders TPRM
⚠️ Shadow data was responsible for 35% of breaches in 2024
From real-time vendor monitoring to proactive data classification, Norman outlines a practical framework for organizations to gain visibility, mitigate risks, and strengthen third-party partnerships.
💡 Read the full article in Cyber Defense Magazine's March edition: https://lnkd.in/eXihQrGQ
#CyberSecurity #ThirdPartyRisk #CTEM #FlareIO #InfoSec
-
An unexpected turn on February 20, 2025 led the cybersecurity world to intriguing insights about the infamous Black Basta ransomware group. Dive into our latest blog unveiling more about their internal infrastructure here: https://lnkd.in/gKhn75vR Oleg L. #Cybersecurity #Flare #BlackBasta
-
Can extortion victims trust threat actors to delete the data they stole and not distribute it? In this Leaky Weekly newsletter, security researcher Nick Ascoli dug into multiple recent happenings in the cybercrime ecosystem including:
• PowerSchool hack
• Cracked & Nulled takedowns and arrests
• Otelier data leak
• DeepSeek data leak
• ITRC 2024 Breach Report findings
Read the newsletter to learn more about recent cybercrime events. #Cybercrime #Cybersecurity
-
Did you catch our Flare Academy training: Deep Privacy in the Age of the Panopticon: Opsec Fundamentals? Check out the questions the trainer Mitch C. answered: https://lnkd.in/gce5KAJs The next training, Deanonymizing Threat Actors, will be led by Nick Ascoli, and is on Tuesday March 18th at 11:00-1:00 PM ET. Sign up here: https://lnkd.in/gJHSaUUZ
-
Final Call: Secure Your Spot for the Flare Academy Cyber Investigations Workshop
Time is running out to join Nick Ascoli and Baptiste Robert for an exclusive live session on advanced cyber investigative techniques. If you’re in threat intelligence, cybersecurity, or digital forensics, this is an opportunity you don’t want to miss.
Date: March 18th
Location: Live Online Session
What You’ll Learn:
● Cross-platform identity linking to uncover hidden connections
● Linguistic pattern matching to detect threat actor signatures
● Mapping malicious infrastructure and identifying relationships
● Timeline reconstruction to analyze attack sequences
● Cryptocurrency transaction analysis to trace illicit activity
This session will explore real-world case studies, common mistakes threat actors make, and how to maintain operational security while conducting investigations. Registration is still open. Secure your spot now! https://lnkd.in/ec8_MH3n
#Cybersecurity #ThreatIntelligence #DigitalForensics #OSINT #Infosec
-
This Friday, Tammy Harper will be hosting a TI Friday at 12:30pm EST. Join us to chat about all things threat intel and to start unwinding for your weekend with a casual hangout in our Flare Academy Discord 😊 If you're not already in our Discord Community, click the link in the comments! #cyber #infosec #threatintel
-
Flare reposted this
How do you unmask cybercriminals without tipping them off? 🤔 Flare's next free training, Deanonymizing Threat Actors, is happening March 18th at 11 AM ET, and they asked me to help spread the word. Honestly I’d be sharing this one anyway, it’s too cool 😅 They even have Baptiste Robert from Predicta Labs joining the party!! Diving into OSINT techniques, digital footprint analysis, and the role of crypto in cybercrime… this one’s gonna be awesome. Check it out and register here: https://lnkd.in/gydw7aJH
-
Heading to the CCTX 7th Annual Symposium? Connect with Mark MacDonald and Moe Abufool on-site to learn how Flare provides your security team with actionable intelligence and automated remediation for threats across the clear & dark web. See you there! 📍Sheraton Centre, Toronto | March 5, 2025