There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Croatian phone carrier data breach impacts 200,000 clients
February 11, 2022
Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information. The type of information that ...
- ModifiedElephant APT plant criminal evidence on human rights defender, lawyer devices
February 11, 2022
Cybercriminals are hijacking the devices of civil rights activists and planting “incriminating evidence” in covert cyberattacks, researchers warn. According to SentinelLabs, an advanced persistent threat (APT) group dubbed ModifiedElephant has been responsible for widespread attacks targeting human rights activists and defenders, academics, journalists, and lawyers across India. The APT is thought to have been in operation since ...
- DDoS attacks in Q4 2021
February 10, 2022
Q4 2021 saw the appearance of several new DDoS botnets. A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. In October, the botnet was upgraded with DDoS functionality. ...
- A sign of ransomware growth: Gangs now arbitrate disputes
February 9, 2022
Cyber criminal gangs are getting increasingly adept at hacking and becoming more professional, even setting up an arbitration system to resolve payment disputes among themselves, according to a new report by the United States, Australia and the United Kingdom that paints a bleak picture of ransomware trends. Ransomware gangs, which hack targets and hold their data ...
- Decryptor released for Maze, Egregor, and Sekhmet ransomware strains
February 9, 2022
A decryptor has been released for the Maze, Sekhmet, and Egregor ransomware after someone published the master decryption keys in a BleepingComputer forum post. Around 6:30 yesterday evening, someone identifying themselves as “Topleak” said, “It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families.” “Each archive with keys have corresponding keys inside ...
- FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public
February 8, 2022
The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to ...