vx-underground – Telegram
vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Sir, this is a Malware Library. We are NOT your local police department.
Detective Smelly Smellington and his ever-loyal sidekick Bradley McBradley Jr are here to solve the case of the stolen laptop.
This scam STINKS.

The plot: A lady is depressed and decides to dump $2,800,000 on someone and abandon her son with them because she is starting a new family (???). She decides to leave her savings in some dumpster fire of a website and you've got to log in to get it.

Regarding the BlackBasta leaks: we haven't reviewed them in totality yet. It's quite a bit of messages in JSON format. It also has some Russian slang which makes it difficult to translate accurately. Thankfully there are some native Russian speakers who have made some interesting highlights.

1. Somewhere in the conversation BlackBasta members discuss Lockbit ransomware group. They believe he cannot be trusted.

2. In the conversation Dispossessor ransomware group is discussed. Dispossessor wants to join BlackBasta. One of the members "Hshsi Jdidi" says they believe Dispossessor has a "good resume" but think they only want to work with them because of their "fame". They also express concern that Dispossessor may be a law enforcement officer. They express concern with the takedowns from Lockbit, Conti, and others.

3. One of the BlackBasta affiliates is a minor. They are 17 years old.

4. They are EXTREMELY interested in VPN exploits. They go to great lengths to acquire, purchase, or find people capable of delivering VPN exploits.

5. Someone is wanting to grant them access (or sell them access) to their private loader for the cost of $84,000/month.

6. Following the success of Scattered Spider, BlackBasta has begun incorporating social engineering into their operations. They have a person named "Nur" who is responsible for identifying key personnel at organizations they want to target. Once a person of influence is identified (manager, HR, etc.) they contact them via telephone call.

7. BlackBasta maintains a spreadsheet of victims they're trying to target. It is shared between members and they collaborate on it together. It has the person of interest, if they've tried social engineering them, and general strategy notes. They often identify multiple targets at companies.

8. The caller who contacts victims is tasked with having the employee install "Remote Monitoring and Management" from level-dot-io. Once the application is installed they begin work (eventually).

9. Targets are not selected randomly. BlackBasta has immense interest in Electrical companies, Industrial supply chain companies (Steel, wood, recycling, general supplies), and Tax and/or Financial management companies (companies which manage finances for other companies).

10. Their workflow is documented fairly well. However, because these leaks are from 2023 - 2024, they may be outdated. Here is the general idea:

Step 1: Get victim to execute malicious .HTA file. The .HTA file is delivered from either a masqueraded malicious download link, social engineering, or a masqueraded malicious e-mail

Step 2: The .HTA file drops a .BAT or .EXE file which contains commands to connect to their C2 server.

Step 3: The C2 server has a .JS file which can then deliver an actual payload file allowing either ransomware deployment, or tooling for remote access.
Bybit had approx. $1,400,000,000 stolen today.

We don't know what that is, or what's going on, but that's a lot of money and ZachXBT is all over it on Telegram

More information: https://news.1rj.ru/str/investigations/211
Congratulations to our cybersecurity colleagues in the United Kingdom. They're probably very happy about this.

(this is sarcasm, don't go schizo in the comments)

https://www.bbc.com/news/articles/cgj54eq4vejo

In December, 2024, Lockbit ransomware group gave us access to their builder panel.

Now we're banned from Lockbit.

We were informed that some people, when reverse engineering the malware samples we shared, decided to pentest the victim chat client.

RIP free malware
A Threat Actor operating under the moniker "UnicornLover67" compromised the Houston, Texas Police Department (H.P.D. — Houston Police Department) and exfiltrated a colossal amount of data.

"UnicornLover67" subsequently tried to extort the HPD. When the HPD did not pay UnicornLover67 so they could purchase IceSpice (in Fortnite?) and "cop some Nikes", they leaked the HPD's data online.

Additionally, to notify the HPD of the data leak, they replaced all internal training videos with a new "Training Video". The "Training Video" is a heavily edited video displaying UnicornLover67 leaking the data online, demonstrating some of the data they possess, while playing "Kill the Police - Destroy the System" by GG Allin.

We're sharing the video. However, we have removed the ending portion because it contains A LOT of sensitive information.
We have been notified there are 2 people with the alias "UnicornLover67" and this person named "UnicornLover67" is not the real "UnicornLover67" but someone else using the moniker "UnicornLover67".

Someone requested we make that explicitly clear.
We've got some giveaways coming up.

- Books
- Expensive laptop

More news soon

Cheers,
> go gas station for energy drinks
> group of kids loitering outside
> 4 or 5 of them, probably 12 - 14 years old
> leader is obese kid with cool looking shoes
> obese kid: "what's up bro?"
> i reply, "what's up, man?"
> he replies, "my cholesterol"
> they all laugh

mfw
Dear BlackBasta (who is probably following us online),

Please contact us. I wanna say "Hi" and send you pictures of cats.

Thanks,
Apparently it's "illegal" and "unethical" to dispose of used car batteries in the ocean smh
Using SSL? You're a fuckin' sick piece of shit
The National Crime Agency of the UK encrypting data internally in the event of a breach? DISGUSTING
The second we heard about the Bybit compromise we said "Ah, Lazarus".

We had zero evidence. Zero information on the compromise. We didn't even bother seeing others' opinions.

Hello,

I've contracted the Influenza virus. I've got a fever of 102.4f (39.1c).

If I die, bury me with my cat pictures

- smelly smellington
It's difficult to code when you've got the Influenza virus. You'll try to lock in, but the fever visions combined with the heap spray-like dysentery makes it difficult.
As something we can only describe as nightmare material — two software engineers from Meta (Anton Pidkuiko, Boris Starkov) demonstrated a more efficient way for AI to communicate.

The scenario of the AI recognizing each other is a demonstration. The communication is real.