Leaked Black Basta chat logs suggest possible connections between the ransomware operation and Russian authorities, including potential aid in their leader’s escape from Armenia. The logs also reveal the group’s use of ChatGPT, overlap with other ransomware operations, and development of new malware and post-exploitation frameworks. Additionally, the group has been using a brute-forcing framework called BRUTED since 2023 to perform credential stuffing and brute-force attacks on target devices.