
Internal chats from an overseas hacker group have been leaked on social media, revealing that they have been exploiting widely-used meeting systems to “hijack” users, with Japanese companies among their targets. The chats were analyzed by a Japanese security firm, which found discussions expressing concern over potential human harm from cyberattacks on medical institutions. Experts noted that gaining insight into the hackers’ internal operations is rare and could inform new defense strategies.
The security firm Mitsui Bussan Secure Directions (MBSD) in Tokyo analyzed the leaked chats, believed to belong to the Russian-speaking hacker group “Black Basta.” The chats, covering about a year from September 2023 to September 2024, surfaced on the app Telegram in February. Black Basta, active since April 2022, has reportedly extorted at least $100 million from organizations in the West using ransomware.
The chats, mainly in Russian, detail methods of attack. Instructions included gathering large numbers of contacts using Microsoft Teams and posing as IT representatives to carry out fake security procedures. In a past attack on an English-speaking company’s staff, the hackers sent about 1,000 spam emails in 50 minutes, then impersonated IT personnel via Teams to get victims to install remote-control software under the guise of troubleshooting.
The analysis revealed that Japanese companies were also targeted. In one instance, a conversation indicated an attempt to negotiate with a major glass manufacturer by threatening to leak information if a ransom wasn’t paid. Other potential targets included a major electronics manufacturer, a large construction company, and several small to medium enterprises.
In a May attack on a major U.S. healthcare provider, hackers expressed concern upon learning of communication disruptions, fearing it might cause patient harm, such as the death of children
by MagazineKey4532
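
The attack chain described above (a burst of spam followed by a Teams message from a supposed IT representative) leaves a pattern that can be correlated across mail and chat logs. The Python below is an added example, not part of the article or the MBSD analysis; the event tuple layout, the 200-email threshold, the three-hour follow-up window and the "external sender" flag are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BURST_WINDOW = timedelta(minutes=50)  # window length reported in the article
MIN_EMAILS = 200                      # assumed threshold, well below the ~1,000 reported
FOLLOWUP = timedelta(hours=3)         # assumed maximum gap between flood and Teams contact

def find_floods(emails):
    """Return {recipient: time the sliding window first held MIN_EMAILS messages}."""
    windows, floods = defaultdict(deque), {}
    for ts, rcpt in sorted(emails):
        w = windows[rcpt]
        w.append(ts)
        while ts - w[0] > BURST_WINDOW:   # drop messages older than the window
            w.popleft()
        if len(w) >= MIN_EMAILS and rcpt not in floods:
            floods[rcpt] = ts
    return floods

def correlate(emails, chats):
    """Flag external Teams chats that reach a user shortly after a mail flood."""
    floods = find_floods(emails)
    alerts = []
    for ts, rcpt, sender, external in sorted(chats):
        start = floods.get(rcpt)
        if external and start is not None and timedelta(0) <= ts - start <= FOLLOWUP:
            alerts.append({"user": rcpt, "flood_at": start,
                           "chat_at": ts, "sender": sender})
    return alerts

# Constructed sample data (not from the leak): one flooded user, one normal user.
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_EMAILS = [(T0 + timedelta(seconds=3 * i), "alice@corp.example")
                 for i in range(1000)]            # ~1,000 mails in ~50 minutes
SAMPLE_EMAILS += [(T0 + timedelta(minutes=10 * i), "bob@corp.example")
                  for i in range(6)]              # ordinary mail volume
SAMPLE_CHATS = [  # (time, recipient, sender, sender_is_external)
    (T0 + timedelta(minutes=55), "alice@corp.example", "helpdesk@tenant.example", True),
    (T0 + timedelta(minutes=56), "bob@corp.example", "helpdesk@tenant.example", True),
    (T0 + timedelta(minutes=57), "alice@corp.example", "carol@corp.example", False),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EMAILS, SAMPLE_CHATS):
        print(alert)
```

Only the external chat to the flooded user is flagged; the same external sender contacting a user with normal mail volume, and an internal colleague messaging the flooded user, are not.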