How Black Basta Turned Public Data into a Breach Playbook by Lucie Cardiet

**Executive summary:** Leaked Black Basta chat logs reveal a methodical OSINT-driven process—using services like ZoomInfo, LinkedIn, RocketReach, Shodan and public credential dumps—to map organizations, find exposed infrastructure, harvest credentials, and quietly gain access before executing ransomware; the piece emphasizes the importance of reducing public exposure, improving access controls and monitoring identity/behavioral signals as defensive measures.