Black Basta’s Leaked Chat Logs Reveal a Dangerous New Threat
Recent leaks from the ransomware group Black Basta have exposed a previously unknown brute-force framework called BRUTED. This tool automates credential-stuffing attacks against VPNs, firewalls, and Remote Desktop Protocol (RDP) applications, making it easier for cybercriminals to breach networks.
How BRUTED Works
According to researchers at EclecticIQ, BRUTED is designed to:
✅ Scan networks and identify edge devices from major vendors like Cisco, Fortinet, Palo Alto Networks, SonicWall, WatchGuard, and Citrix.
✅ Collect subdomain and IP information and extract SSL certificate details to fine-tune password guesses.
✅ Craft realistic HTTP/S requests that imitate legitimate VPN and RDP clients, making it harder for security teams to detect attacks.
This level of automation allows attackers to scale their credential-stuffing operations rapidly, increasing the risk for organizations with weak security practices.
Weak Passwords Are a Hacker’s Best Friend
Despite constant warnings from cybersecurity experts, many organizations still rely on weak, default, or reused passwords—a major factor in successful brute-force attacks.
Saeed Abbasi, manager of vulnerability research at Qualys, points out that Black Basta affiliates frequently exploit default VPN credentials or use stolen passwords to gain initial access.
"Leaked chat logs show attackers repeatedly taking advantage of weak credentials, proving that organizations continue to underestimate this risk," Abbasi warns. "This highlights the urgent need for stronger password policies, MFA enforcement, and continuous security audits."
The Irony: Black Basta Got Hacked Too
In a surprising turn of events, reports suggest that Black Basta’s own internal chat logs were leaked due to a brute-force attack. Allegedly, a hacker known as “Exploit Whispers” published the data after Black Basta targeted a Russian bank—violating an unspoken rule among cybercriminals to avoid attacking their own country.
Who Is at Risk?
Black Basta has a track record of targeting critical infrastructure organizations. According to CISA, the group has attacked 12 of the 16 government-designated critical sectors, including:
• Healthcare
• Manufacturing
• Financial services
How to Defend Against BRUTED
🔒 Use strong, unique passwords for VPNs and firewalls—avoid defaults and reuse.
🔑 Enable Multi-Factor Authentication (MFA) wherever possible to block unauthorized access.
📋 Regularly audit and rotate credentials for edge devices.
📊 Monitor logs for brute-force attempts and unusual login patterns.
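The last recommendation above, monitoring logs for brute-force attempts, is the one that can be turned into concrete detection logic. The following is an added example, not code from the article or from any vendor or researcher it cites. It assumes a constructed, generic syslog-style authentication log (not any real appliance's format) and uses three assumed thresholds that a defender would tune for their own environment: a per-source failure count, a distinct-account count (the credential-stuffing and password-spraying signature: many accounts, few tries each), and a successful login following recent failures, which is the event that most deserves an analyst's attention.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a generic syslog-like format (not any
# vendor's real format). One line per authentication event on an edge device:
#   <timestamp> vpn <auth-fail|auth-ok> user=<account> src=<source IP>
# Lines are assumed to arrive in chronological order per source.
SAMPLE_LOGS = """\
2025-03-17T08:00:01Z vpn auth-fail user=admin src=198.51.100.7
2025-03-17T08:00:02Z vpn auth-fail user=jsmith src=198.51.100.7
2025-03-17T08:00:03Z vpn auth-fail user=mbrown src=198.51.100.7
2025-03-17T08:00:04Z vpn auth-fail user=svc-backup src=198.51.100.7
2025-03-17T08:00:05Z vpn auth-fail user=root src=198.51.100.7
2025-03-17T08:00:06Z vpn auth-fail user=guest src=198.51.100.7
2025-03-17T08:00:07Z vpn auth-fail user=admin src=198.51.100.7
2025-03-17T08:00:08Z vpn auth-fail user=jsmith src=198.51.100.7
2025-03-17T08:00:09Z vpn auth-fail user=mbrown src=198.51.100.7
2025-03-17T08:00:10Z vpn auth-fail user=svc-backup src=198.51.100.7
2025-03-17T08:00:11Z vpn auth-fail user=root src=198.51.100.7
2025-03-17T08:00:12Z vpn auth-fail user=guest src=198.51.100.7
2025-03-17T08:00:20Z vpn auth-ok user=jsmith src=198.51.100.7
2025-03-17T08:01:00Z vpn auth-fail user=alice src=203.0.113.5
2025-03-17T08:01:05Z vpn auth-ok user=alice src=203.0.113.5
this line is malformed and must be skipped by the parser
2025-03-17T08:05:00Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:05:01Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:05:02Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:05:03Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:12:00Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:12:01Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:12:02Z vpn auth-fail user=admin src=192.0.2.10
2025-03-17T08:12:03Z vpn auth-fail user=admin src=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn (?P<event>auth-fail|auth-ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "event": m["event"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, window=timedelta(minutes=5), fail_threshold=10,
                      spray_users=5, success_after=3):
    """Return a list of alert dicts, evaluated per source IP over a sliding window.

    Assumed thresholds (tune per environment):
      - 'brute-force': at least fail_threshold failures inside the window
      - 'spraying': failures against at least spray_users distinct accounts
      - 'success-after-failures': a successful login preceded by at least
        success_after recent failures from the same source
    The first two fire once per source so a long attack does not flood the queue.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, user) failures still in window
    alerted = set()               # (src, kind) pairs already reported
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        q = recent[src]
        # Expire failures that fell out of the window before counting.
        while q and ts - q[0][0] > window:
            q.popleft()
        if ev["event"] == "auth-fail":
            q.append((ts, ev["user"]))
            distinct = {u for _, u in q}
            if len(q) >= fail_threshold and (src, "brute-force") not in alerted:
                alerted.add((src, "brute-force"))
                alerts.append({"src": src, "kind": "brute-force",
                               "failures": len(q), "at": ts})
            if len(distinct) >= spray_users and (src, "spraying") not in alerted:
                alerted.add((src, "spraying"))
                alerts.append({"src": src, "kind": "spraying",
                               "users": sorted(distinct), "at": ts})
        elif len(q) >= success_after:
            # A success right after a burst of failures is the highest-priority
            # signal: it may mean a guessed or stuffed credential worked.
            alerts.append({"src": src, "kind": "success-after-failures",
                           "user": ev["user"], "failures": len(q), "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(alert)
```

Run against the constructed sample, the script flags only 198.51.100.7: first for spraying (five distinct accounts by the fifth attempt), then for brute force (ten failures within the window), and finally for a success following twelve failures. The single mistyped password from 203.0.113.5 stays below every threshold, and the eight failures from 192.0.2.10 never produce an alert because they are split across two bursts more than five minutes apart, which is why the window length matters as much as the count when tuning these rules.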
With tools like BRUTED, cybercriminals are automating and scaling their attacks faster than ever. But with the right security measures, you can stay ahead and protect your organization from becoming their next target.