Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware


Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.

Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024, followed by an update in August 2024, when the operators updated their tactics and malware payloads and began sending lures via Microsoft Teams. Now, the procedures followed by the threat actors in the early stages of the social engineering attacks have been refined again, with new malware payloads, improved delivery, and increased defense evasion.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • FBI Agents’ Call And Text Logs Potentially Stolen In Data Breach

    January 23, 2025

    The FBI has raised alarm that hackers who breached AT&T’s system last year may have stolen months of agents’ call and text logs, which could potentially lead to the identities of anonymous informants connected to investigations. While the hackers did not access the content of conversations, the stolen call log metadata—records of who called whom, when ...

  • 7-Zip bug could allow a bypass of a Windows security feature – update now

    January 22, 2025

    A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...

  • Conduent confirms outage was due to a cybersecurity incident

    January 22, 2025

    U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was related ...

  • Odds & Ends: Unraveling the Surebet Playbook

    January 22, 2025

    The global sports betting market has seen explosive growth in recent years, fueled by the rise of online gambling platforms, increased internet access and penetration, and the legalization of betting in numerous countries. As of 2023, research showed that the global sports betting market was valued at around $92.1 billion, with projections suggesting it could ...

  • ChatGPT API vulnerability could enable large-scale DDoS attacks

    January 21, 2025

    A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub. According to Flesch, the flaw lies in the ...

  • eCommerce data breach exposes details on half a million users

    January 21, 2025

    The North Pole Company, a Canadian gift basket delivery service, allegedly suffered a data breach in which half a million customers lost sensitive personal information. The claim was made on BreachForums, a popular underground community where cybercriminals come to share tools, resources, and experiences, to find partners and plan future attacks. As cybersecurity researchers from Incogni ...