Fortunately, in this case, Black Basta didn’t make it that far. Instead, the security researchers used the opportunity to better understand Black Basta’s “backend servers”, tools, and methods. Black Basta will sometimes use a victim’s network to log into their own servers, which leads to interesting opportunities to observe the gang’s operations…
The first write-up goes into technical detail about the malware and tactics Black Basta used. The second write-up focuses on Black Basta’s “backend” servers and how they manage them. TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the “Breaking Badness” podcast.
The articles go into great detail – even asking whether deleting their own exfiltrated data from the gang’s server “would technically constitute a federal offense per the ‘The Computer Fraud and Abuse Act’ of 1986.”