There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- US Senate passes cybersecurity act forcing orgs to report cyberattacks, ransom payments
March 2, 2022
The US Senate approved new cybersecurity legislation that will force critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours. The Strengthening American Cybersecurity Act passed by unanimous consent on Tuesday after being introduced on February 8 by Senators Rob Portman and Gary ...
- SMS PVA Part 3: Countries Most Impacted by Service
March 2, 2022
Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell as an example. Moreover, it discussed the “benefits” of SMS PVA services to cybercriminals. In the final installation of our series, we’ll discuss relevant statistics and recommendations to mitigate the ...
- TeaBot Android Banking Trojan continues its global conquest with new upgrades
March 2, 2022
The TeaBot Remote Access Trojan (RAT) has been upgraded, leading to a huge increase in both targets and spread worldwide. On March 1, the Cleafy research team said TeaBot now targets over 400 applications, pivoting from an earlier focus on “smishing” to more advanced tactics. Smishing attacks are used to compromise mobile handsets via spam text messages ...
- DDoS attackers have found this new trick to knock over websites
March 2, 2022
Distributed denial of service (DDoS) attackers are using a new technique to knock websites offline by targeting vulnerable ‘middleboxes’, such as firewalls, to amplify junk traffic attacks. Amplification attacks are nothing new and have helped attackers knock over servers with short busts of traffic as high as 3.47 Tbps. Microsoft last year mitigated attacks on this ...
- Hackers Become the Hacked: Anonymous’ Site Taken Down Following Declaration of ‘Cyberwar’ on Russia
March 1, 2022
The Anonymous hacker collective began attacking the Russian segment of the internet Friday in connection with the situation in Ukraine, targeting websites of Russian businesses, media, the military and various government agencies. A hacking group called Killnet claims to have brought down a key website affiliated with Anonymous, as well as the neo-Nazi Ukrainian Right Sector ...
- Second data-wiping malware found in Ukraine, says ESET
March 1, 2022
The disk-wiping malware that tore through at least hundreds of Ukrainian Windows systems at the start of Russia’s occupation wasn’t alone. Slovakian infosec firm ESET has found a second similar strain in Ukraine. “Malware artefacts suggest that the attacks had been planned for several months,” said the biz. Last week, as the Russian armed forces invaded ...