An analysis of the Black Basta ransomware group's internal chat logs has revealed how the group executes attacks. KELA and Ontinue are two firms that analyzed the logs and revealed that Black Basta gains initial access through compromised Remote Desktop Protocol and VPN credentials, often obtained via infostealer malware. The group also conducts large-scale phishing campaigns of Microsoft services to intercept login credentials.