As already reported, the IT of the German Press Agency (dpa) was hit by a cyber attack. The perpetrators were probably more successful than expected. According to various sources, the Black Basta hacker group offers the captured data on the dark web: payslips and sensitive data from around 1.500 dpa employees.
In the first announcements it was only guesswork, now it is a certainty. The Black Basta hack group carried out the cyber attack on the German Press Agency (dpa) and successfully stole data. As the mirror reports, the data should be the employees' payslips with all other personal data. Since this information is valuable, the Black Basta group is now offering it for sale on the dark web. After all, it is about 1.500 important parts of identities.
The State Criminal Police Office is investigating
The incident also triggered an investigation by the Hamburg State Criminal Police Office. But first of all you can only state the facts there. The seizure of the perpetrators will probably not happen easily. After all, Black Basta is not only active, but unfortunately very often successful in its attacks. So they put about in the Spring 2022 the tractor manufacturer Fendt lame. The group is now in the top ten of attacking groups by many experts, security researchers and labs. Such as Unit 42, the Palo Alto Networks malware analysis team. It recently published a report giving many details about the Black Basta ransomware group.
Black Basta runs leak site
Although the members have only been active for a few months, according to the information published on their leak site, they have already compromised more than 75 companies and institutions. Other key findings from the Palo Alto Networks investigation include:
- The RaaS – Ransomware as a Service – uses double extortion as part of the attacks.
- Data from at least 20 victims was published on the leak site in the first two weeks of the ransomware's deployment.
Since the Black Basta attacks in 2022 were a global sensation and recurring, it is likely that the operators and/or their affiliated partners behind the service will continue to target and extort businesses.