There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- U.S. DOJ: Prolific Chinese state-sponsored contract hacker extradited from Italy
April 27, 2026
Xu Zewei (徐泽伟), 34, of the People’s Republic of China was extradited to the United States this weekend and appeared today in U.S. District Court in Houston on a nine-count indictment related to his involvement in computer intrusions between February 2020 and June 2021. Certain of those computer intrusions allegedly are part of the HAFNIUM computer ...
- Researchers find cyber-sabotage malware that may predate Stuxnet by five years
April 24, 2026
Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sabotage, and suggests it was created years before the Stuxnet worm that aimed to destroy Iran’s uranium enrichment centrifuges. The company’s Vitaly Kamluk discussed the malware in a talk at the Black Hat Asia ...
- Stolen medical data from 500,000 UK volunteers advertised for sale on a Chinese website
April 23, 2026
Health information belonging to 500,000 people in the United Kingdom has been stolen and offered for sale on the Chinese website Alibaba, the UK’s technology minister Ian Murray has confirmed. The medical data comes from participants of UK Biobank, the world’s most comprehensive dataset of biological, health, and lifestyle information, compiled from volunteers and used by ...
- France confirms data breach at government agency that manages citizens’ IDs
April 22, 2026
The French government agency that handles the issuing and management of citizens’ identity documents, including national IDs, passports, and immigration documents, confirmed Wednesday that it experienced a data breach. In an announcement, the Agence Nationale des Titres Sécurisés (ANTS) said the data stolen in the breach could include full names, dates and places of birth, mailing ...
- Void Dokkaebi uses fake job interview lure to spread malware via code repositories
April 21, 2026
Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure. As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning ...
- Lotus Wiper: A new threat targeting the energy and utilities sector
April 21, 2026
In light of geopolitical tensions that occurred in the Caribbean region in late 2025 and early 2026, artifacts associated with the attack chain of a destructive wiping campaign targeting the energy and utilities sector in Venezuela were identified on a publicly available resource. They were uploaded in mid-December. Two batch scripts are responsible for initiating the ...