The leaked Black Basta chat logs, spanning 190,000 messages from 2023–2024, expose the group’s internal operations, structure, and tools. They reveal disciplined workflows, Microsoft Teams-based phishing, weaponized XLL payloads, CVE weaponization, and heavy reliance on Cobalt Strike with a custom “Coba Proxy” infrastructure for stealth. Members coordinated malware development, infrastructure, and ransom negotiations like a corporate entity, often debating strategy and finances. Logs highlight reconnaissance via OSINT and credential dumps, social engineering through RMM scams, and negotiation tactics against high-value victims, including healthcare providers. The leak suggests internal disputes may threaten Black Basta’s stability.

Join for free to read