BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict


There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.

This lull also encompassed the leak of Black Basta chat logs in February 2025, which indicated internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers who potentially provided historical access for Black Basta and/or FIN7 affiliates.

Source: Rapid7

