There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Brazilian e-commerce firm Americanas reports multimillion-dollar loss following cyberattack
May 16, 2022
Brazilian e-commerce conglomerate Americanas.com reported a multimillion-dollar loss in sales in its financial results on Friday after a major cyberattack earlier this year. The company lost 923 million Brazilian reais ($183 million) in sales after two attacks that took place between February 19 and 20 and rendered its e-commerce operation unavailable. According to the company, physical ...
- HTML attachments in phishing e-mails
May 16, 2022
The use of embedded HTML documents in phishing e-mails is a standard technique employed by cybercriminals. It does away with the need to put links in the e-mail body, which antispam engines and e-mail antiviruses usually detect with ease. HTML offers more possibilities than e-mail for camouflaging phishing content. There are two main types of HTML ...
- Engineering firm Parker discloses data breach after ransomware attack
May 16, 2022
The Parker-Hannifin Corporation announced a data breach exposing employees’ personal information after the Conti ransomware gang began publishing allegedly stolen data last month. Parker is an Ohio-based corporation specializing in advanced motion and control technologies, with a strong focus in aerospace hydraulic equipment. It has a revenue of $15.6 billion and employs over 58,000 people. Parker-Hannifin says ...
- FBI: Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code
May 16, 2022
As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the ...
- Iran-linked Cobalt Mirage extracts money, info from US orgs – report
May 13, 2022
The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks’ threat intelligence team. The cybercriminal gang has been around since June 2020, and its most recent activities have been put into two categories. One, using ransomware to extort money, as illustrated by a strike in ...
- Ukrainian crook jailed in US for selling thousands of stolen login credentials
May 13, 2022
A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers. Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to America. He pleaded guilty on February 22, and ...