How Two Leaks Unmasked the Criminal Network of Yalishanda aka Media Land, and BlackBasta
#Yalishanda #BlackBastaGroup
https://analyst1.com/infrastructure-in-the-shadows/
Lessons from the BlackBasta Ransomware Attack on Capita

CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security

A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator

The leader of the Black Basta ransomware group employed a trusted, experienced cybercrime actor nicknamed Tinker who he relied on for phishing content,…

Intel 471
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict | Rapid7 Blog

Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed its members.

Rapid7
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices
#BlackBastaGroup
https://blog.eclecticiq.com/inside-bruted-black-basta-raas-members-used-automated-brute-forcing-framework-to-target-edge-network-devices
Arda Buyukkaya reveals how the Black Basta Ransomware-as-a-Service (RaaS) group used an automated brute forcing framework to target edge network devices of its victims.

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

Trend Micro
BlackBasta Leaks: Lessons from the Ascension Health attack

GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs

Ransomware group Black Basta’s chat logs were leaked, revealing 62 mentioned CVEs. GreyNoise identified 23 of these CVEs as actively exploited, with some targeted in the last 24 hours.

Black Basta ransomware gang's internal chat logs leak online

An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation.

BleepingComputer
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware | Rapid7 Blog

Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.

Rapid7