A Groundbreaking AI Tool for Cybersecurity Research
Hudson Rock has unveiled BlackBastaGPT, an advanced AI-powered chatbot trained on over one million leaked internal messages from the Black Basta ransomware gang. This tool, released shortly after a major data breach on February 11, 2025, allows cybersecurity researchers to analyze the gang’s operations, financial strategies, and attack methodologies through natural language queries.
The leaked Matrix chat logs expose how Black Basta planned its attacks, including 367 unique ZoomInfo links to targeted organizations, cryptocurrency wallets, phishing techniques, and internal conversations among key members. By making this dataset accessible through AI, Hudson Rock aims to provide security professionals with deeper insights into cybercriminal tactics, helping organizations strengthen their defenses against ransomware threats.
Inside the Leak: A Cybercriminal Empire Unveiled
The data leak, attributed to an individual using the alias ExploitWhispers, spans 13 months of internal communications (September 2023–September 2024) and offers a rare glimpse into Black Basta’s internal workings. Reports suggest that the leaker acted in retaliation for the gang’s alleged targeting of Russian banks, echoing the 2022 Conti leak, which followed that gang’s pro-Russian stance on the Ukraine invasion.
Among the revelations are details about key figures within the gang, including Oleg Nefedov (the alleged leader, known as “Trump”), YY (the main administrator), and Cortes (a Qakbot-linked hacker). The logs also reveal the presence of a 17-year-old member, highlighting the diverse age range within cybercriminal circles.
The messages expose Black Basta’s technical exploits against vulnerabilities in Citrix, as well as phishing campaigns that disguised malware such as Cobalt Strike and SystemBC as IT support tools. The leak provides valuable intelligence on the gang’s double-extortion tactics, where they stole and encrypted sensitive data before demanding ransom.
BlackBastaGPT: A New Era in Cyber Threat Intelligence
Hudson Rock’s BlackBastaGPT is designed to transform raw chat logs into actionable intelligence. The chatbot allows researchers to explore key questions such as “What initial access methods did Black Basta prefer?” or “How did they calculate ransom demands?” The AI-driven responses reveal that the gang used ZoomInfo data to estimate a victim’s revenue, tailoring ransom amounts based on their “end-of-year cash flow.”
The tool also illuminates the group’s internal discussions, including mockery of media coverage and insights into Bitcoin laundering strategies and profit-sharing disputes among affiliates. Black Basta was found to have prioritized attacks on the healthcare and finance industries, using business-like negotiation tactics to pressure victims.
Security analysts warn that Black Basta’s leaked tactics, techniques, and procedures (TTPs) could be adopted by rival cybercriminals, making proactive defense crucial. Recommendations include securing remote access systems, enforcing multi-factor authentication, and monitoring for indicators of compromise (IoCs), such as the AntispamConnectUS.exe malware variant used in attacks.
By leveraging adversarial data for proactive cybersecurity defense, BlackBastaGPT marks a paradigm shift in threat intelligence. Instead of reacting to attacks, organizations can now anticipate cybercriminal patterns, making ransomware gangs more vulnerable than ever before.