BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict


There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.

The leak of Black Basta's chat logs in February 2025, which indicated internal conflict within the group, fell within this period of reduced activity. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, are now assessed as likely initial access brokers who may have provided historical access for Black Basta and/or FIN7 affiliates.

Source: Rapid7

