BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. “We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated,” a company spokesman reported.

See: https://redskyalliance.org/xindustry/black-basta-2

BT Group operates in 180 countries, leading in UK fixed-line, broadband, mobile, TV, and IT services. The attack did not impact live BT Conferencing services. “The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected,” reported a BT spokesperson. “We’re continuing to investigate all aspects of this incident actively and working with the relevant regulatory and law enforcement bodies as part of our response.”

It is unclear if threat actors have stolen data from the telecommunications company. The Black Basta ransomware gang added BT Group to the list of victims on its Tor leak site. The group claimed to have stolen 500GB of data, including financial data, organization data, user data, personal documents, NDAs, confidential data, and additional undisclosed data.

In May 2024, the FBI, CISA, HHS, and MS-ISAC issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative.

Black Basta has targeted at least 12 critical infrastructure sectors, including Healthcare and Public Health. The alert provides Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) obtained from law enforcement investigations and reports from third-party security firms. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, impacting several businesses and critical infrastructure entities across North America, Europe, and Australia. As of May 2024, Black Basta has affected over 500 organizations worldwide.

See: https://redskyalliance.org/xindustry/ransomware-as-a-service-went-to-business-school

“Black Basta is a Ransomware-as-a-Service (RaaS) variant, first identified in April 2022. Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia,” reads the CSA.

In December 2023, Elliptic and Corvus Insurance published joint research revealing that the group had accumulated at least $107 million in Bitcoin ransom payments since early 2022. According to the experts, the ransomware gang has infected over 329 victims, including ABB, Capita, Dish Network, and Rheinmetall. The researchers analyzed blockchain transactions and discovered a link between Black Basta and the Conti Group. In 2022, the Conti gang discontinued its operations, coinciding with the emergence of the Black Basta group in the threat landscape.

This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com

• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941


https://securityaffairs.com/171668/breaking-news/black-basta-ransomware-attack-bt-group.html
https://www.reliaquest.com/blog/q1-2024-ransomware/

 
