Analyzing leaked internal communication logs, security researchers are piecing together how one of the most notorious ransomware groups infiltrates its victims. Black Basta, one of the most successful ransomware groups of the past several years, recently suffered a major leak of its internal communications. As analysis by security researchers shows, the logs offer a glimpse into the group's playbook, and in particular its preferred methods for gaining initial access to victim networks.
“Key attack vectors used by Black Basta include scanning for exposed RDP [remote desktop protocol] and VPN services — often relying on default VPN credentials or brute-forcing stolen credentials to gain initial access — and exploiting publicly known CVEs when systems remain unpatched,” researchers from patch management firm Qualys wrote in an analysis of the leaked logs.
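The access pattern the Qualys researchers describe, repeated failed logins against exposed RDP or VPN services, is something a defender can look for in authentication logs. The following is an added example, not code from the article or from Qualys: it counts failed logins per source address in a sliding time window over constructed sample log lines, flags any source that crosses a threshold, and records whether that source later logged in successfully (a burst of failures followed by a success is the case worth escalating). The log format, field names and sample values are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). The format is an assumption:
# "<ISO timestamp> <service> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2025-03-01T10:00:01 rdp FAIL user=administrator src=203.0.113.7
2025-03-01T10:00:03 rdp FAIL user=admin src=203.0.113.7
2025-03-01T10:00:05 rdp FAIL user=backup src=203.0.113.7
2025-03-01T10:00:08 rdp FAIL user=svc_sql src=203.0.113.7
2025-03-01T10:00:12 rdp FAIL user=jsmith src=203.0.113.7
2025-03-01T10:00:15 rdp OK user=jsmith src=203.0.113.7
2025-03-01T10:01:00 vpn FAIL user=alice src=198.51.100.22
2025-03-01T10:30:00 vpn FAIL user=alice src=198.51.100.22
2025-03-01T11:00:00 vpn OK user=alice src=198.51.100.22
2025-03-01T10:02:00 vpn FAIL user=admin src=192.0.2.9
2025-03-01T10:02:01 vpn FAIL user=admin src=192.0.2.9
2025-03-01T10:02:02 vpn FAIL user=admin src=192.0.2.9
2025-03-01T10:02:03 vpn FAIL user=admin src=192.0.2.9
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on malformed input."""
    ts, service, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "service": service,
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def find_login_bursts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: alert} for sources with >= threshold failures inside `window`.

    Each alert records the service, the peak failure count seen in one window,
    the distinct usernames tried from that source (many users with few attempts
    each is the password-spray shape), and the first username that logged in
    successfully after the source was flagged, if any.
    """
    events = sorted(
        (parse_line(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    users = defaultdict(set)      # src -> distinct usernames that failed from this source
    flagged = {}                  # src -> alert dict

    for ev in events:
        src, q = ev["src"], recent[ev["src"]]
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if not ev["ok"]:
            q.append(ev["ts"])
            users[src].add(ev["user"])
            if len(q) >= threshold:
                alert = flagged.setdefault(src, {
                    "service": ev["service"],
                    "failures": 0,
                    "users": [],
                    "success_after": None,
                })
                alert["failures"] = max(alert["failures"], len(q))
                alert["users"] = sorted(users[src])
        elif src in flagged and flagged[src]["success_after"] is None:
            # A success from an already-flagged source is the high-priority case.
            flagged[src]["success_after"] = ev["user"]
    return flagged


if __name__ == "__main__":
    for src, alert in find_login_bursts(SAMPLE_LOG).items():
        print(src, alert)
```

With the defaults, only 203.0.113.7 is flagged: five different usernames fail within eleven seconds and one of them then succeeds. The two failures from 198.51.100.22 are half an hour apart and age out of the window, and 192.0.2.9 stops one attempt short of the threshold, which is why the threshold and window should be tuned to the service's real baseline rather than left at round numbers.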
Meanwhile, cyber threat intelligence firm KELA has observed correlations between the 3,000 unique credentials present in the leaked logs and previous data dumps from info-stealing malware, suggesting relationships with other threat groups that collect and then sell such data.
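The kind of correlation KELA describes, checking whether credentials seen in one dataset already appear in an earlier infostealer dump, is also what a defender does when deciding which accounts to reset. The following is an added example, not KELA's method or code: it normalizes hostnames and usernames so that a bare host in one list matches a full login URL in the other, then separates exact credential matches from accounts that appear in both sets with different passwords, and flags credentials that look like defaults (the "default VPN credentials" pattern from the Qualys analysis). All sample credentials and hostnames are constructed.

```python
from urllib.parse import urlparse

# Constructed sample data (not the leaked logs): (host_or_url, username, password)
CHAT_CREDS = [
    ("vpn.example-corp.com", "JSmith", "Winter2024!"),
    ("rdp.acme.test", "admin", "admin"),
    ("portal.contoso.example", "alice", "Passw0rd"),
    ("mail.nowhere.example", "bob", "hunter2"),
]
STEALER_DUMP = [
    ("https://vpn.example-corp.com/login", "jsmith", "Winter2024!"),
    ("https://portal.contoso.example/auth", "alice", "OldPassw0rd"),
    ("https://shop.unrelated.example/", "carol", "qwerty"),
]

# Small constructed list of vendor-style default passwords for the default check.
COMMON_DEFAULTS = {"admin", "password", "changeme", "default"}


def normalize(host_or_url, username):
    """Reduce a host or full URL plus username to a case-insensitive account key."""
    host = urlparse(host_or_url).hostname if "://" in host_or_url else host_or_url
    return (host.lower(), username.strip().lower())


def looks_default(username, password):
    """True when the password equals the username or is on the default list."""
    return password.lower() == username.lower() or password.lower() in COMMON_DEFAULTS


def correlate(chat_creds, stealer_creds):
    """Classify each chat credential against the stealer dump.

    exact        - same account and same password in both sets
    account_only - account seen in both sets but with a different password
    unmatched    - account not present in the stealer data
    default_like - credentials that look like unchanged defaults
    """
    stealer = {}
    for url, user, pw in stealer_creds:
        stealer.setdefault(normalize(url, user), set()).add(pw)

    result = {"exact": [], "account_only": [], "unmatched": [], "default_like": []}
    for host, user, pw in chat_creds:
        key = normalize(host, user)
        if looks_default(user, pw):
            result["default_like"].append(key)
        if key not in stealer:
            result["unmatched"].append(key)
        elif pw in stealer[key]:
            result["exact"].append(key)
        else:
            result["account_only"].append(key)
    return result


def stealer_share(result):
    """Fraction of chat credentials explained by the stealer dump (exact or account)."""
    explained = len(result["exact"]) + len(result["account_only"])
    total = explained + len(result["unmatched"])
    return explained / total if total else 0.0


if __name__ == "__main__":
    summary = correlate(CHAT_CREDS, STEALER_DUMP)
    for bucket, keys in summary.items():
        print(bucket, keys)
    print("share explained by stealer data:", stealer_share(summary))
```

An exact match means the stealer dump is a plausible source for that credential; an account-only match still means the account has been exposed before and its current password should be treated as suspect. The default-like bucket is independent of the dump and is the cheapest finding to act on.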